McAfee Report Warns of Ransomware Resurgence as Crypto Mining Malware Rises 29%

Neil Dennis

Miners were among the worst hit in the cryptoasset industry by cyber crime in the first quarter of this year, according to the latest "Threats" report by McAfee Labs.

Meanwhile, users of Apple devices were singled out by CookieMiner, malware that targets bitcoin wallet credentials. First uncovered in late 2018, CookieMiner can also install covert cryptocurrency mining software onto Apple devices.

The cybersecurity firm detected a 29% rise in new coin mining malware since the fourth quarter of 2018, and samples of new malware rose by 35%. Total coin mining malware samples increased 414% over the past four quarters, according to data shared with CryptoGlobe.

Ransomware Attacks

More broadly, the report said that businesses were experiencing 504 new cybersecurity threats every minute, while there was a rise of 118% in new ransomware, after a small decline in the fourth quarter of 2018. 

The report said such attacks were taking a far more targeted approach, while "threat actors" found "more anonymous" methods of conducting criminal business. Indeed, there was much anecdotal evidence that perpetrators of these attacks were increasingly asking for ransoms to be paid into anonymous wallets in cryptocurrency. 

CryptoGlobe reported last week that businesses and public institutions in 23 Texas towns had been hit by ransomware attacks by hackers demanding as much as $2.5 million a time. Similar attacks had previously been reported in Baltimore and Lake City, Florida, with the latter paying the ransom demand of nearly $500,000 in bitcoin. 

"The impact of these threats is very real," said Raj Samani, McAfee chief scientist. He added:

It’s important to recognise that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer facing major fraud. We must not forget for every cyber attack, there is a human cost.

Bitcoin Ransomware Hackers Lose Control of Their Decryption Tool

Michael LaVere
  • Software firm Emsisoft warns that attackers broke their own decryption tool for the Ryuk ransomware.
  • Affected users are at risk of having their files deleted despite paying the bitcoin ransom. 

A security firm has warned that the Ryuk bitcoin ransomware has broken its own decryption tool, causing affected users to lose their files even after sending the BTC ransom. 

Software company Emsisoft told news outlet The Next Web that the hackers behind the Ryuk ransomware are responsible for the decryption error. According to the security firm, a recent update made to Ryuk caused the program to alter the way it calculates the length of files, inadvertently making the decryption tool defunct:

As a result, the decryptor provided by the Ryuk authors will truncate files, cutting off one too many bytes in the process of decrypting the file. Depending on the exact file type, this may or may not cause major issues.

Users who pay the crypto ransom are still at risk of losing their files and data, depending on where the byte cutoff is made. 

Emsisoft recommends that Ryuk victims back up encrypted data before running the decryption key:

A final word of advice: prior to running any ransomware decryptor – whether it was supplied by a bad actor or by a security company – be sure to back up the encrypted data first. Should the tool not work as expected, you’ll be able to try again.
