Markets
Share this article

Mining Malware Now a Bigger Threat Than Ransomware, Says Report

Illicit crypto-miners and ransomware have swapped places in popularity among cybercriminals, says a security firm.

By Christine Kim
Updated Sep 13, 2021, 8:11 a.m. Published Jul 18, 2018, 4:15 p.m.
shutterstock_438568522

Illicit cryptocurrency mining, or "cryptojacking," has become more popular among cybercriminals than ransomware, according to a report by Skybox Security.

In its mid-year update, the firm said that crypto miners now account for 32 percent of all cyberattacks, while ransomware only makes up 8 percent.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Cryptojacking utilizes code hidden on websites or devices to harnesses victims' computing resources such as their central processing unit and bandwidth to mine cryptocurrencies.

The Skybox report reveals a notable shift in the preferences of cyberattackers when it comes to choosing the tools of their illegal trade.

In the second half of 2017, Skybox found that the situation was almost exactly reversed. While ransomware attacks – in which the data on an individual's computer is encrypted by malware and only unlocked upon payment of a fee – made up 32 percent of all attacks, cryptojacking represented 7 percent of the total at the time.

While the reason for the swap in popularity may be partly down to the rise in price of cryptocurrencies at the end of last year, Skybox said the ransomware model was seeing diminishing returns as victims stopped paying up on reports that data was not being decrypted as promised. Increasing adoption of user protections, such as data backups and better protective tools, were also cited as a factor.

In the update, which was first reported by Computing, the company said:

"Cryptocurrency miners may be the new kid on the block, but they're taking over. With high-profit opportunity and a low chance of being discovered or stopped, this malware tool provides a money-making safe haven for cybercriminals."

Hacker image via Shutterstock

CrimeSecurityMiningReportsNewscybercrimerepublished

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Zcash Floats Dynamic Fee Plan to Ensure Users Won’t Be Priced Out

By Shaurya Malwa
2 hours ago
(Christian Dubovan/Unsplash, modified by CoinDesk)

ZEC zoomed 12% amid the fee discussion, beating gains across all major tokens.

What to know:

  • A new proposal by Shielded Labs suggests a dynamic fee market for Zcash to address rising transaction costs and network congestion.
  • The proposed system uses a median fee per action observed over the prior 50 blocks, with a priority lane for high-demand periods.
  • The changes aim to maintain Zcash's privacy features while avoiding complex protocol redesigns.
Read full story