Cryptojacking attacks are skyrocketing as cybercriminals lose their appetite for ransomware assaults and opt for new tactics.
That’s according to a new report from cybersecurity firm SonicWall. The report tracked 139.3 million cryptojacking attacks in 2022, a 43% jump from 2021. At the same time, the number of global ransomware operations dropped 21%, down to 493.3 million.
Cryptojacking refers to attacks in which malware installed on victims’ computers secretly mines cryptocurrency on behalf of the attackers. These attacks rely on the malware remaining undetected for as long as possible. By contrast, ransomware attacks lock victims out of their systems and extort ransoms to give back control.
Immanuel Chavoya, threat detection and response strategist at SonicWall, told DL News:
“This significant shift in threat actor behaviour is influenced by several factors, including changes in the threat landscape, increased awareness and defences against ransomware, an increase in sanctions and coordinated government actions, as well as the profitability and ease of carrying out cryptojacking attacks.”
The results echo those of a recent Chainalysis report, which found that ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.
Law enforcement agencies have been upping their efforts in response. Russia’s invasion of Ukraine has helped encourage US lawmakers to double those efforts.
To avoid getting caught in law enforcement agencies’ crosshairs, cybercriminals seemingly scaled down their ransomware attacks.
“Ransomware was once the go to cyberattack for many criminal groups and bad actors, but it was essentially a victim of its own success,” Jake Moore, global cybersecurity advisor at cybersecurity company ESET, told DL News. “The more organisations that learnt the hard way – it paved the way for companies to double down on prevention and include better backup policies and restore functionalities.”
AstraLocker provides a telling example. Since 2021, the threat actor has made a name for itself as a particularly aggressive ransomware operation.
While other cybercriminals drip-fed malware into victims’ systems to avoid detection, the people behind AstraLocker favoured a more unorthodox modus operandi: they rapidly deployed the ransomware the moment a victim opened a contaminated email attachment.
However, in July, AstraLocker suddenly announced that its run of smash-n-grab stings was at an end, saying “fun things always end sometime.”
“I’m done with ransomware for now. I’m going in cryptojacking lol,” AstraLocker’s developer told Bleeping Computer.
While the threat actor did not say why it had made the pivot, AstraLocker’s move highlights “the increasing popularity of cryptojacking as a way for criminals to generate income,” Chavoya said.
The rise in cryptojacking attacks could also be linked to the growing ubiquity of connected devices.
“Many IoT devices are not designed with security in mind, making them easier targets for cybercriminals,” Chavoya said.
Data from ESET’s T3 2022 report suggests that the number of cryptocurrency-related threats, such as cryptojacking, declined last year. The subcategory of cryptominers dropped by 24% between September and December. The cybersecurity firm linked the fall to plummeting cryptocurrency exchange rates and soaring energy prices.
Moore said that cryptojacking, like ransomware, still represented a big threat for would-be victims, as “it is understandable why criminals are potentially looking at other creative ways to succeed.”
“Although cryptocurrencies have not kept up with the expected success, there is still easy money to be made from exploiting systems that allow cryptojacking software to execute,” Moore said.