January 25, 2018

Malwarebytes Annual State of Malware Report Reveals Ransomware Detections Increased More Than 90 Percent

Report reveals significant changes in cybercriminal methodology, including:

  • Ransomware was the tool of choice for cybercriminals in 2017 and ransomware attacks increased up to 10 times
  • 2017 saw a massive increase in the malicious use of cryptominers with Malwarebytes blocking an average of 8 million drive-by mining attempts per day
  • Cybercriminals increased their usage of banking Trojans and hijackers to steal data from businesses


SANTA CLARA, Calif. – January 25, 2018 – Malwarebytes™, the leading advanced malware prevention and remediation solution, today released a security research report analyzing the top malware threats for 2017. The findings, presented in the Malwarebytes Cybercrime Tactics and Techniques: 2017 State of Malware Report, illustrate a significant shift in attack methodology, a distinct evolution in the predominant attack tools and a distinct divergence in the types of attacks against businesses from attacks against consumers. The report illustrates sharp increases in malware-based cybercrime, including ransomware, banking Trojans, spyware, adware, cryptocurrency miners and others were detected across all victims.

Key findings from the 2017 report include:

  • Ransomware was the tool of choice for cybercriminals in 2017
    • Ransomware against consumers went up more than 93 percent while ransomware against businesses increased 90 percent.
    • The monthly rate of ransomware attacks increased up to 10 times the rate of 2016, with September 2017 having the largest volume of ransomware attacks against businesses ever documented.
    • Between July 2017 and September 2017, there was a 700 percent increase in ransomware, according to Malwarebytes’ telemetry, with two families making up most of that statistic:
      • GlobeImposter increased 341 percent from July 2017 to August 2017
      • WannaCry surged 375 percent from August 2017 to September 2017
  •  2017 saw a massive increase in the malicious use of cryptominers
    • Driven by the cryptocurrency craze, bad actors have started utilizing cryptomining tools for their own profit, using victim’s personal computers in the process. This includes a significant increase of miners through compromised websites, malicious spam, exploit kit drops and adware bundlers.
    • Malwarebytes blocked an average of 8 million drive-by mining attempts per day in September 2017.
  • Cybercriminals continue utilizing banking Trojans and hijackers to steal data from businesses
    • The second half of the year marked an average of 102 percent increase in banking Trojan detections.
    • Hijackers rose nearly 40 percent year-over-year, moving this threat to the most common threat detected against businesses in 2017.
  • Consumer threats are on the rise
    • The overall threat volume against consumers rose 12 percent in 2017.
    • Worms and ransomware moved into Malwarebytes’ top 10 types of threats to consumers for 2017.
  •  Adware makers dwindle, but volume continues to increase
    • The volume of adware increased 132 percent year-over-year, making up 40 percent of consumer threat detections (up from less than 20 percent in 2016).
    • Adware is Malwarebytes second-most detected threat, despite fewer adware families in the mix. Most of the work is being done by a handful of active adware developers for Windows, macOS and Android.

“Ransomware continued to dominate in 2017, with this tool of choice for hackers increasing 90 percent from the previous year,” said Marcin Kleczynski, Malwarebytes CEO. “What cybercriminals could not hold for ransom, they stole from businesses. For example, spyware is up 30 percent and hijackers are up 40 percent. Each year, we spend countless hours providing analysis on the methodologies, tactics and tools being used by cybercriminals to help our customers and partners protect against the most rampant and prolific threats affecting businesses and consumers worldwide.”

To better understand how cybercriminals are evolving their threats and tactics, Malwarebytes researchers analyzed security threat telemetry from January 2016 to November 2017. Data was also obtained from Malwarebytes’ internal honeypots and collection efforts to identify not only infection, but also malware distribution. The report finds significant increases in the volume of threats against both businesses and consumers and details the most interesting and impactful methods of malware creation and distribution in all of 2017.

“The last year has certainly thrown us a few curveballs, with massive ransomware attacks, changes in malware distribution and the significant increase in cryptocurrency miners. With 2018 just getting started, these findings can help pave the wave for increased awareness, C-level participation and enhanced technologies to better protect both consumers and businesses,” said Kleczynski.

To download a copy of the full report please visit, https://go.malwarebytes.com/CTNTState-of-MalwareQ417_press.html.


About Malwarebytes

Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware and exploits that escape detection by traditional antivirus solutions. Malwarebytes completely replaces antivirus solutions to remove the personal obstacles and business interruptions caused by modern cybersecurity threats. More than 10,000 businesses and millions of people trust Malwarebytes innovative machine-learning solutions and global team of researchers to identify emerging threats and to prevent and eradicate malware that antiquated security solutions miss and leave behind. For more information, please visit us at https://www.malwarebytes.com/.

Malwarebytes founder and CEO Marcin Kleczynski started the company to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to an Ernst & Young Entrepreneur of the Year Award.




Follow us on Facebook.

Follow us on Twitter.

Follow us on LinkedIn.

See us on YouTube.

Read our latest Malwarebytes Labs blog.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.