News: Cryptominers and ransomware on the rise in Q3 2021
November 2021 by Kaspersky
Cryptocurrency is having a moment: the price of bitcoin reached another record high on November 10th, a culmination of an upswing that began after a significant drop in value in early summer. In fact, the value of cryptocurrency has steadily increased in the second half of the year, and so, perhaps, has cybercriminals’ interest in miners.
Miners are programs downloaded onto users’ devices that then extract or “mine” cryptocurrency from the infected system. While they’ve been a popular tool in cybercriminals’ arsenals since 2018, their use tends to fluctuate. This year, from June to August, the number of unique users encountering miners grew, as did the value of bitcoin (a reversal of what was observed in Q2), reaching a peak of nearly 150,000 users in September.
The number of unique Kaspersky users that encountered miners from July to September
In addition, Kaspersky encountered a total of 46,097 new modifications of miners in Q3—an increase of about 47% when compared to the number of modifications found in Q2.
The number of miner modifications from July to September 2021
Also on the rise this past quarter were ransomware Trojans. In Q3, a total of 108,323 users encountered ransomware attacks—an increase of about 11% when compared to the number of users affected by ransomware in Q2. The number of users encountering ransomware Trojans peaked in September at 46,000.
“What we’ve seen for a long time is that cybercriminals follow the trends both within the cybersecurity landscape and society as a whole. Cryptocurrency has been in the spotlight in the second half of the year—as has ransomware—so it’s not surprising malicious actors would want to profit off these trends. Whether or not the value of bitcoin has a direct effect on the use of miners is impossible to say, but it could certainly be a contributing factor. However, the statistics here represent a positive: they represent the number of users that encountered miners or ransomware on their computer that were then blocked by the security products installed. Threats may grow, but users can still stay safe,” comments Evgeny Lopatin, security expert at Kaspersky.
To stay safe from both ransomware and miners, Kaspersky experts recommend:
• Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities.
• Use a dedicated security solution such as Kaspersky Endpoint Security for Business with application and web control to minimise the chance of cryptominers being launched; behavior analysis helps quickly detect malicious activity, while vulnerability and patch manager safeguards against cryptominers that exploit vulnerabilities.
• Make sure that you back up your important files regularly. A safe option is to create two copies: one to be stored in the cloud and the other recorded to a physical means of storage (portable hard drive, thumb drive, extra laptop, etc.).
• Cybercriminals often distribute fake email messages mimicking email notifications from an online store or a bank, luring users into clicking a malicious link in order to distribute malware. With that in mind, fine-tune your antispam settings and never open attachments sent by an unknown sender.
• You can enable the ‘Show file extensions’ option in the Windows settings. This will make it much easier to distinguish potentially malicious files. As Trojans are programs, you should stay away from file extensions like “exe”, “vbs” and “scr”. Keep a vigilant eye on this, as many familiar file types can also be dangerous. Scammers could use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
• Use a robust security solution to protect your system from ransomware, such as Kaspersky Internet Security, which prevents viruses from getting into your computer or, should a virus infiltrate your system, protects important files using a special capability.
• If you are unlucky enough to have your files encrypted, don’t pay the ransom, unless instant access to some of your files is critical.
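The disguise described in the ‘Show file extensions’ recommendation above, where a harmless-looking type sits in front of the real extension, can also be checked for automatically. The following Python is an added example, not Kaspersky's code; the extension lists beyond “exe”, “vbs” and “scr” and every sample name other than the article's two are assumptions constructed for illustration.

```python
"""Flag file names whose real (last) extension is executable while an
earlier part of the name imitates a harmless file type."""
from pathlib import PureWindowsPath

# Executable/script extensions. The first three are named in the article;
# the rest are an assumed, non-exhaustive extension of that list.
EXECUTABLE = {"exe", "vbs", "scr", "com", "bat", "cmd", "pif"}
# Assumed set of "familiar" types a decoy name might imitate.
DECOY = {"avi", "mp4", "jpg", "png", "pdf", "doc", "docx", "xls", "txt"}


def classify(name: str) -> str:
    """Return 'masquerading', 'executable' or 'other' for one file name."""
    # Only the final path component matters; compare case-insensitively.
    base = PureWindowsPath(name).name.lower()
    parts = base.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "other"
    # Anything before the real extension that looks like a harmless type,
    # e.g. 'avi' in hot-chics.avi.exe or the stem 'doc' in doc.scr.
    if any(p in DECOY for p in parts[:-1]):
        return "masquerading"
    return "executable"


def scan(names):
    """Map each flagged name to its verdict, skipping 'other'."""
    verdicts = {n: classify(n) for n in names}
    return {n: v for n, v in verdicts.items() if v != "other"}


# Constructed sample listing; the first two names are the article's examples.
SAMPLE = [
    "hot-chics.avi.exe",
    "doc.scr",
    "Report.PDF.VBS",
    "setup.exe",
    "holiday.jpg",
    "notes.v2.txt",
    r"C:\Users\demo\Downloads\invoice.docx",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE).items():
        print(f"{verdict:13} {name}")
```

Names reported as "masquerading" deserve the closest look, since their visible name changes meaning once Windows hides the final extension.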