Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom (usually in Bitcoins or another widely used e-currency), if they want to regain access to their files and devices. The term ransomware covers two main types of malware: so-called window blockers (which block the OS or browser with a pop-up window) and cryptors (which encrypt the user’s data).
The term also encompasses select groups of Trojan-downloaders, namely those that tend to download encryption ransomware once a PC is infected. Kaspersky Lab has a tradition of reporting on the evolution of ransomware – and you can find previous reports on the threat here and here. This year, however, we came across a huge obstacle in continuing this tradition.
We have found that ransomware is rapidly vanishing, and that cryptocurrency mining is starting to take its place. The architecture of cryptocurrencies assumes that, in addition to purchasing cryptocurrency, a user can create a new currency unit (or coin) by harnessing the computational power of machines that have specialized ‘mining’ software installed on them. Cryptocurrency mining is the process of creating these coins – it happens when various cryptocurrency transactions are verified and added to the digital blockchain ledger.
The blockchain, in its turn, is a chain of successive blocks holding recorded transactions such as who has transferred bitcoins, how many, and to whom. All participants in the cryptocurrency network store the entire chain of blocks with details of all of the transactions that have ever been made, and participants continuously add new blocks to the end of the chain.
Fonte: Kaspersky Lab
