Weary Cybercriminals Turn to Cryptojacking Banks: ReportCrackdown on Ransomware Has Operators Seeking Alternatives
Cybercriminals stressed out by the fraught world of ransomware may be responsible for growth in comparatively simpler hacks that repurpose victims' computers into cryptocurrency miners, especially in the computation-heavy financial industry.
At least one ransomware-as-a-service group has gone public with its intention to leave behind ransomware in favor of the less lucrative but also less risky domain of cryptojacking.
That group, AstraLocker, may well not be alone, says threat intelligence firm SonicWall. The company reports detecting 66.7 million cryptojacking attacks during the first half of 2020, a 30% year-on-year increase. Ransomware attempts during that period dropped 23%, the company says.
"After governments stepped up ransomware awareness and enforcement efforts and ransomware attacks such as those against Colonial Pipeline and Kaseya led to high-profile busts, some ransomware operators have decided they're ready for a quieter life," the firm says in a midyear assessment of the threat landscape.
The financial industry, in particular, has seen a surge in cryptojacking attacks from hackers attracted by the industry's "high capacity and high availability of IT infrastructure that can be misused," says Amit Jaju, senior managing director at Ankura Consulting Group.
There are other benefits to lurking inside a bank's digital systems and using them to churn out new cryptocurrency tokens, as opposed to maliciously encrypting them for payment.
Collecting a ransom requires announcing the hack and communicating with victims. In contrast, attackers can carry out cryptojacking without victims being aware.
Even in this cryptocurrency bear market, cryptojacking is "essentially having a money printing press, albeit on your infrastructure and at your cost," Immanuel Chavoya, threat detection and response strategist at SonicWall, tells Information Security Media Group.
That's not to say that ransomware is about to disappear. Even with a relative diminution in ransomware volume during the first half of 2022, the number of attacks still add up to more attempts than were made during the entirety of 2019, SonicWall says.
Neither is SonicWall's assessment about a dip in ransomware volumes universally shared (see: Ransomware Ecosystem: Big-Name Brands Becoming a Liability).
As SonicWall acknowledges: "As long as there’s a financial incentive, there will still be ransomware."