Rapid Rise in Malicious Crypto Mining Attacks: Key Findings Report | GBAF

Rapid Rise in Malicious Crypto Mining Attacks: Key Findings Report | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > Victims of malicious crypto miners increase by 44% – as 2.7 million internet users are targeted in a year

Victims of malicious crypto miners increase by 44% – as 2.7 million internet users are targeted in a year

Published by Gbaf News

Posted on June 29, 2018

9 min read

Last updated: January 21, 2026

Image illustrating the global glass tempering system market growth forecast - Global Banking & Finance Review — Illustration depicting the projected growth in the global glass tempering system market, expected to reach US$ 135.6 Mn by 2027, driven by trends in renewable energy and advanced manufacturing technologies.

The number of internet users that have been attacked by malicious crypto currency mining software has increased from 1.9 million to 2.7 million in just one year. Statistics for the last 24 months show that miners are increasingly focused on developing markets, and are taking advantage of internet users in these regions to grow their revenues. This is one of the key findings in Kaspersky Lab’s annual ransomware and malicious crypto miners report, 2016-2018. The report, which covers two similar periods (April to March 2016-2017 and April to March 2017-2018), shows that while ransomware can provide cybercriminals with potentially large but one-off rewards in a turbulent landscape, miners might make less money out of their victims, but through a more sustainable/ longer-term model. This is naturally gaining popularity among the cybercriminal community.

Kaspersky Lab experts have detected a significant change in the cyberthreat landscape: PC and mobile ransomware attacks on unique users dropped dramatically in 2017-2018 (by almost 30% and 22.5% respectively).

Cybercriminals are instead opting to make their money out of crypto currency miners – specialised “mining” software which creates a new currency unit (or coin) by using the computing power of the victim PC and mobile devices. Malicious miners do so at the expense of other users, capitalising on the power of their computers and devices without their knowledge.

According to the report, PC crypto miners are steadily growing. The total number of users who encountered this form of mining rose from 1,899,236 in 2016-2017, to 2,735,611 in 2017-2018.

Mobile crypto miners are also emerging as a threat, with unique attacks growing by 9.5%. Overall, this form of mining targeted almost 5,000 users in 2017-2018, compared to around 4,500 users in 2016-2017. Mobile users in China and India are particularly victimised by this threat.

“It is clear to see why we are seeing these changes in the cyberthreat landscape. The mining model allows cybercriminals to attack their victims discreetly – generating crypto currency by using CPU or GPU power and transferring that into real money through legal exchanges and transactions. Ransomware, on the other hand, is a noisy and risky way of making money; it attracts media and state attention – hence the shift to crypto mining,” says David Emm, Principal Security Researcher at Kaspersky Lab.

Other key findings from the report include:

The total number of users who encountered ransomware fell by almost 30%, from 2,581,026 in 2016-2017 to 1,811,937 in 2017-2018;
The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware fell by around 1 percentage point, from 3.88% in 2016-2017 to 2.80% in 2017-2018;
Among those who encountered ransomware, the proportion who encountered cryptors fell by around 3 percentage points, from 44.6% in 2016-2017 to 41.5% in 2017-2018;
The number of users attacked with cryptors almost halved, from 1,152,299 in2016-2017 to 751,606 in 2017-2018;
The number of users attacked with mobile ransomware fell by 22.5% from 130,232 in 2016-2017to 100,868 in 2017-2018;
The total number of users who encountered miners rose by almost 44.5% from 1,899,236 in 2016-2017 to 2,735,611 in 2017-2018;
The share of miners detected, from the overall number of threats detected, also grew from almost 3% in 2016-2017 to over 4% in 2017-2018;
The share of miners detected, from overall risk tool detections, is also on the rise – from over 5% in 2016-2017 to almost 8% in 2017-2018;
The total number of users who encountered mobile miners also grew – but at a steadier pace, growing by 9.5% from 4,505 in 2016-2017 to 4,931 in 2017-2018.

To reduce the risk of infection with ransomware and miners, users are advised to:

Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.
Back up data regularly.
Always keep software updated on all the devices you use. To prevent miners and ransomware from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities and download and install patches.
For personal devices, use a reliable consumer security solution and remember to keep key features – such as System Watcher – switched on.
If you’re a business, enhance your preferred third party security solution with newest version of Kaspersky Anti-Ransomware Tool.
For superior protection use an endpoint security solution that is powered by behavior detection and able to roll back malicious actions.
Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. As the miner that relied on the EternalBlue exploit shows, such equipment can also be hijacked to mine cryptocurrency.
Use application control to track malicious activity in legitimate applications. Specialized devices should be in Default Deny mode. Use dedicated security solution, such as Kaspersky Endpoint Security for Businessthat includes these functions.
To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate, restrict access, and always back up everything.
Last, but not least, remember that ransomware is a criminal offence. You shouldn’t pay. If you become a victim, report it to your local law enforcement agency.

The number of internet users that have been attacked by malicious crypto currency mining software has increased from 1.9 million to 2.7 million in just one year. Statistics for the last 24 months show that miners are increasingly focused on developing markets, and are taking advantage of internet users in these regions to grow their revenues. This is one of the key findings in Kaspersky Lab’s annual ransomware and malicious crypto miners report, 2016-2018. The report, which covers two similar periods (April to March 2016-2017 and April to March 2017-2018), shows that while ransomware can provide cybercriminals with potentially large but one-off rewards in a turbulent landscape, miners might make less money out of their victims, but through a more sustainable/ longer-term model. This is naturally gaining popularity among the cybercriminal community.

Kaspersky Lab experts have detected a significant change in the cyberthreat landscape: PC and mobile ransomware attacks on unique users dropped dramatically in 2017-2018 (by almost 30% and 22.5% respectively).

Cybercriminals are instead opting to make their money out of crypto currency miners – specialised “mining” software which creates a new currency unit (or coin) by using the computing power of the victim PC and mobile devices. Malicious miners do so at the expense of other users, capitalising on the power of their computers and devices without their knowledge.

According to the report, PC crypto miners are steadily growing. The total number of users who encountered this form of mining rose from 1,899,236 in 2016-2017, to 2,735,611 in 2017-2018.

Mobile crypto miners are also emerging as a threat, with unique attacks growing by 9.5%. Overall, this form of mining targeted almost 5,000 users in 2017-2018, compared to around 4,500 users in 2016-2017. Mobile users in China and India are particularly victimised by this threat.

“It is clear to see why we are seeing these changes in the cyberthreat landscape. The mining model allows cybercriminals to attack their victims discreetly – generating crypto currency by using CPU or GPU power and transferring that into real money through legal exchanges and transactions. Ransomware, on the other hand, is a noisy and risky way of making money; it attracts media and state attention – hence the shift to crypto mining,” says David Emm, Principal Security Researcher at Kaspersky Lab.

Other key findings from the report include:

The total number of users who encountered ransomware fell by almost 30%, from 2,581,026 in 2016-2017 to 1,811,937 in 2017-2018;
The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware fell by around 1 percentage point, from 3.88% in 2016-2017 to 2.80% in 2017-2018;
Among those who encountered ransomware, the proportion who encountered cryptors fell by around 3 percentage points, from 44.6% in 2016-2017 to 41.5% in 2017-2018;
The number of users attacked with cryptors almost halved, from 1,152,299 in2016-2017 to 751,606 in 2017-2018;
The number of users attacked with mobile ransomware fell by 22.5% from 130,232 in 2016-2017to 100,868 in 2017-2018;
The total number of users who encountered miners rose by almost 44.5% from 1,899,236 in 2016-2017 to 2,735,611 in 2017-2018;
The share of miners detected, from the overall number of threats detected, also grew from almost 3% in 2016-2017 to over 4% in 2017-2018;
The share of miners detected, from overall risk tool detections, is also on the rise – from over 5% in 2016-2017 to almost 8% in 2017-2018;
The total number of users who encountered mobile miners also grew – but at a steadier pace, growing by 9.5% from 4,505 in 2016-2017 to 4,931 in 2017-2018.

To reduce the risk of infection with ransomware and miners, users are advised to:

Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.
Back up data regularly.
Always keep software updated on all the devices you use. To prevent miners and ransomware from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities and download and install patches.
For personal devices, use a reliable consumer security solution and remember to keep key features – such as System Watcher – switched on.
If you’re a business, enhance your preferred third party security solution with newest version of Kaspersky Anti-Ransomware Tool.
For superior protection use an endpoint security solution that is powered by behavior detection and able to roll back malicious actions.
Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. As the miner that relied on the EternalBlue exploit shows, such equipment can also be hijacked to mine cryptocurrency.
Use application control to track malicious activity in legitimate applications. Specialized devices should be in Default Deny mode. Use dedicated security solution, such as Kaspersky Endpoint Security for Businessthat includes these functions.
To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate, restrict access, and always back up everything.
Last, but not least, remember that ransomware is a criminal offence. You shouldn’t pay. If you become a victim, report it to your local law enforcement agency.