Skip to main

Woburn, MA – June 27, 2018 –Kaspersky Lab has found that the number of internet users attacked by malicious cryptocurrency mining software has increased from 1.9 million to 2.7 million in just one year. Statistics from over the past two years show that miners are increasingly targeting developing markets, taking advantage of internet users in these regions to grow their revenues. These are some of the key findings in Kaspersky Lab’s annual ransomware and malicious crypto miners report, 2016-2018.

The Kaspersky Lab report, which covers two similar periods (April to March 2016-2017 and April to March 2017-2018), shows that while ransomware can provide cybercriminals with potentially large, one-off rewards in a turbulent landscape, miners might make less money from their victims, but through a more sustainable and longer-term model. This elongated approach is gaining popularity among the cybercriminal community.

Kaspersky Lab experts have detected a significant change in the cyberthreat landscape, with PC and mobile ransomware attacks on unique users dropping dramatically in 2017-2018 (by almost 30 percent and 22.5 percent, respectively). Alternatively, cybercriminals are opting to make their money out of cryptocurrency miners – specialized “mining” software which creates a new currency unit (or coin) by using the computing power of the victim’s PC and mobile devices. Malicious miners do so at the expense of other users, capitalizing on the power of their computers and devices without their knowledge.

According to the report, PC crypto miners are steadily growing. The total number of users who encountered this form of mining rose from nearly 1.9 million in 2016-2017 to 2.7 million in 2017-2018.

Mobile crypto miners are also emerging as a threat, with unique attacks growing by 9.5 percent. Overall, this form of mining targeted almost 5,000 users in 2017-2018, compared to around 4,500 users in 2016-2017. Mobile users in China and India are particularly victimized by this threat.

“The reasons behind these changes in the cyberthreat landscape are clear,” notes Anton Ivanov, security expert, Kaspersky Lab. “For cybercriminals, ransomware is a noisy and risky way of making money; it attracts media and state attention. The mining model, however, is easier to activate and more stable – attack your victims, discreetly build crypto currency using their CPU or GPU power, and then transfer that into real money through legal exchanges and transactions.”

Other key findings from the report include:

  • The total number of users who encountered ransomware fell by almost30 percent, from nearly 2.6 million in 2016-2017 to 8 million in 2017-2018;
  • The number of users attacked with cryptors dropped by almost half, from2 million in 2016-2017 to just over 750,000 in 2017-2018;
  • The number of users attacked with mobile ransomware fell by 5 percent from 130,232 in 2016-2017 to 100,868 in 2017-2018;
  • The total number of users who encountered miners rose by almost 5 percent from 1.9 million in 2016-2017 to 2.7 million in 2017-2018;
  • The total number of users who encountered mobile miners also grew – but at a steadier pace, growing by 5 percent from 4,505 in 2016-2017 to 4,931 in 2017-2018.

To reduce the risk of infection with ransomware and miners, users are advised to:

  1. Treat email attachments or messages from unknown senders with caution. When in doubt, don’t open it.
  2. Back up data regularly.
  3. Always keep software updated on all devices. To prevent miners and ransomware from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities, as well as download and install patches.
  4. For personal devices, use a reliable consumer security solution and remember to keep key features – such as System Watcher – switched on.
  5. Businesses can enhance their preferred third party security solution with the newest version of Kaspersky Anti-Ransomware Tool.
  6. For superior protection, use an endpoint security solution that is powered by behavior detection and able to roll back malicious actions.
  7. Don’t overlook less obvious targets, such as queue management systems, POS terminals and even vending machines. As the miner that relied on the EternalBlue exploit shows, this type of equipment can be hijacked to mine cryptocurrency.
  8. Use application control to track malicious activity in legitimate applications. Specialized devices should be in Default Deny mode. Use dedicated security solution, such as Kaspersky Endpoint Security for Business, which includes these functions.
  9. To protect the corporate environment, educate employees and IT teams, keep sensitive data separate, restrict access, and always back up everything.
  10. Remember that ransomware is a criminal offense. Victims should not pay the ransom. If you become a victim, report it to your local law enforcement agency.

Visit the No Ransom website for the latest decryptors, ransomware removal tools and information about ransomware protection.

Read the full version of the report on

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Media Contact

Jessica Bettencourt

Kaspersky Lab finds victims of malicious crypto miners increased by nearly 50 percent within one year

Ransomware and malicious crypto miners report reveals 2.7 million internet users encountered this form of mining in 2017-2018
Kaspersky Logo