2016-2018勒索软件和恶意矿工的威胁景观(英文版)
2025-04-22
2
0
593.46KB
34 页
10玖币
侵权投诉
KSN Report:
Ransomware and
malicious cryptominers
2016-2018
www.kaspersky.com
2
Contents
KSN Report: .......................................................................................... 1
Ransomware and malicious cryptominers 2016-2018 ....................... 1
Executive summary and main findings ................................................. 3
Introduction: A disappearing species - a brief look at ransomware
decline over a year .............................................................................. 5
Game changer – how cryptocurrency miners beat them all ......... 18
Part 1. PC miners ............................................................................. 18
Part 2. Mobile miners ....................................................................... 24
Part 3. Between black and white: are risk tools replacing
malware? .......................................................................................... 29
Conclusions and predictions .............................................................. 33
Fighting back ..................................................................................... 34
3
Executive summary and main findings
Ransomware is not an unfamiliar threat. For the last few years it has been affecting the
world of cybersecurity, infecting and blocking access to various devices or files and
requiring users to pay a ransom (usually in Bitcoins or another widely used e-currency),
if they want to regain access to their files and devices.
The term ransomware covers two main types of malware: so-called window blockers (which
block the OS or browser with a pop-up window) and cryptors (which encrypt the user’s data).
The term also encompasses select groups of Trojan-downloaders, namely those that tend to
download encryption ransomware once a PC is infected.
Kaspersky Lab has a tradition of reporting on the evolution of ransomware – and you
can find previous reports on the threat here and here.
This year, however, we came across a huge obstacle in continuing this tradition. We
have found that ransomware is rapidly vanishing, and that cryptocurrency mining is
starting to take its place.
The architecture of cryptocurrencies assumes that, in addition to purchasing
cryptocurrency, a user can create a new currency unit (or coin) by harnessing the
computational power of machines that have specialized ‘mining’ software installed on
them.
Cryptocurrency mining is the process of creating these coins – it happens when various
cryptocurrency transactions are verified and added to the digital blockchain ledger. The
blockchain, in its turn, is a chain of successive blocks holding recorded transactions
such as who has transferred bitcoins, how many, and to whom. All participants in the
cryptocurrency network store the entire chain of blocks with details of all of the
transactions that have ever been made, and participants continuously add new blocks to
the end of the chain.
Those who add new blocks are called miners, and in the Bitcoin world, as a reward for
each new block, its creator currently receives 12.5 Bitcoins. That’s approximately
$30,000 according to the exchange rate on July 1, 2017. You can find out more about
the mining process here.
Given the above, this report will examine what is hopefully ransomware’s last breath, in
detail, along with the rise of mining. The report covers the period April 2017 to March
2018, and compares it with April 2016 – March 2017.
Methodology:
This report has been prepared using depersonalized data processed by Kaspersky
Security Network (KSN). The metrics are based on the number of distinct users of
Kaspersky Lab products with the KSN feature enabled, who encountered ransomware
and cryptominers at least once in a given period, as well as research into the threat
landscape by Kaspersky Lab experts.
4
Main findings:
• The total number of users who encountered ransomware fell by almost 30%, from
2,581,026 in 2016-2017 to 1,811,937 in 2017-2018;
• The proportion of users who encountered ransomware at least once out of the total
number of users who encountered malware fell by around 1 percentage point, from
3.88% in 2016-2017 to 2.80% in 2017-2018;
• Among those who encountered ransomware, the proportion who encountered
cryptors fell by around 3 percentage points, from 44.6% in 2016-2017 to 41.5% in
2017-2018;
• The number of users attacked with cryptors almost halved, from 1,152,299 in 2016-
2017 to 751,606 in 2017-2018;
• The number of users attacked with mobile ransomware fell by 22.5% from 130,232 in
2016-2017 to 100,868 in 2017-2018;
• The total number of users who encountered miners rose by almost 44.5% from
1,899,236 in 2016-2017 to 2,735,611 in 2017-2018;
• The share of miners detected, from the overall number of threats detected, also grew
from almost 3% in 2016-2017 to over 4% in 2017-2018;
• The share of miners detected, from overall risk tool detections, is also on the rise –
from over 5% in 2016-2017 to almost 8% in 2017-2018;
• The total number of users who encountered mobile miners also increased – but at a
steadier pace, growing by 9.5% from 4,505 in 2016-2017 to 4,931 in 2017-2018.
5
Introduction: A disappearing species - a brief
look at ransomware decline over a year
Early 2017 witnessed a dangerous trend: cybercriminals started to turn their attention away
from attacks against private users, to targeted ransomware attacks against businesses.
Focusing mainly on financial organizations worldwide, ransomware actors were hunting new
and more profitable victims. On the one hand, this change led to ransomware being the ‘story
of the year’. On the other hand, this change turned out to be more of an isolated surge than a
trend.
The past year’s most remarkable ransomware trend was the rapid spread of threats such as
Wannacry and Badrabbit. These were global epidemics that triggered a huge peak in the
number of ransomware victims in a very short space of time. Taking a closer look, we found
that ransomware was also used by advanced threat actors to mount attacks for data
destruction, rather than for pure financial gain.
However, our quarterly analysis also showed us that ransomware was leaving the scene: see
here for more information.
This discovery led us to speculate whether the ransomware business model was starting to
crack. Was there a more lucrative alternative for cybercriminals looking to make money?
What could it be? Our guess was that criminals were starting to turn their backs on
ransomware, to focus on cryptocurrency mining instead.
Kaspersky Lab’s threat predictions for cryptocurrencies in 2018, suggested a rise in targeted
attacks for the purpose of installing miners. While ransomware can provide cybercriminals
with potentially large but one-off rewards in a turbulent landscape, miners might make less
money out of their victims, but through a more sustainable/ longer-term model.
PC ransomware
The numbers for the observed period prove the above theory.
The total number of users who encountered ransomware over the12 month period from April
2017 to March 2018 fell by almost 30% in comparison to the previous year: April 2016 to
March 2017 – from 2,581,026 to 1,811,937 users around the world. This change is even
more dramatic if you consider that ransomware had risen by 17.7% from April 2015 to March
2016, and 11.4% from April 2016 to March 2017 (see previous reports for more details).
The proportion of users that encountered ransomware at least once, out of the total number
of users who encountered malware, is also falling steadily: 4.34% in 2015-2016, 3.88% in
2016-2017, and 2.80% in 2017-2018.
The following graphs illustrate the change in the number of users encountering ransomware
at least once in the 24-months covered by this report. As can be seen in Fig. 1, the volume of
摘要:
展开>>
收起<<
KSNReport:Ransomwareandmaliciouscryptominers2016-2018www.kaspersky.com2ContentsKSNReport:..........................................................................................1Ransomwareandmaliciouscryptominers2016-2018.......................1Executivesummaryandmainfindings.........................
声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!
分类:图书资源
价格:10玖币
属性:34 页
大小:593.46KB
格式:PDF
时间:2025-04-22
作者详情
-
Optimal Persistent Monitoring of Mobile Targets in One Dimension Jonas Hall1 Sean Andersson12 Christos G. Cassandras13 Abstract This work shows the existence of opti-10 玖币0人下载
-
Optimal metabolic strategies for microbial growth in stationary random environments Anna Paola Muntoni and Andrea De Martino10 玖币0人下载
相关内容
-
行政事业单位内部控制报告-关于印发编外聘用人员管理制度和编外聘用人员年度考核制度
分类:办公文档
时间:2025-03-03
标签:无
格式:DOC
价格:5.9 玖币
-
行政事业单位内部控制报告-风险评估管理制度
分类:办公文档
时间:2025-03-03
标签:无
格式:DOCX
价格:5.9 玖币
-
行政事业单位内部控制报告-采购管理内部控制制度
分类:办公文档
时间:2025-03-03
标签:无
格式:DOCX
价格:5.9 玖币
-
行政事业单位内部控制报告-部署单位内部控制专题培训和风险评估工作会议纪要
分类:办公文档
时间:2025-03-03
标签:无
格式:DOC
价格:5.9 玖币
-
行政事业单位内部控制报告-关键岗位轮岗及专项审计制度
分类:办公文档
时间:2025-03-03
标签:关键
格式:DOCX
价格:5.9 玖币
渝公网安备50010702506394
