Ransomware, Cryptojacking, and Fileless Malware: Which is Most Threatening?

Ransomware, Cryptojacking, and Fileless Malware: Which is Most Threatening?

Cybersecurity, especially in endpoint security, faces digital foes too numerous to list in a single article; we’ve tried at least once. Experts and industry observers work tirelessly to supply enterprises with up-to-date threat intelligence on hackers’ preferred tactics as they change and adapt.

After all, hackers continue to evolve their malware to bypass traditional endpoint security solutions and evade their capabilities. Each new threat constitutes a potential catastrophe for enterprises of all sizes. A data breach can completely destroy small-to-medium sized businesses; moreover, a single breach can cost $3 million on average—a significant blow even to larger businesses.

Among all of these threats, three categories of digital cyber attacks pose the most risk to enterprises at present: ransomware, cryptojacking, and fileless malware. Yet which malware branch is most the threatening? Which malware category should enterprises work to prevent with the most concentration?

We analyze ransomware, cryptojacking, and fileless malware—their strengths and weaknesses against endpoint security solutions and security teams. Here’s what we found.

Ransomware: The Hostage Taker

Of the three—ransomware, cryptojacking, and fileless malware—ransomware possesses the most famous reputation. Certainly, it remains one of the oldest malware categories still in usage by hackers.

By design, ransomware infiltrates enterprise networks and holds either selected crucial databases or entire environments hostage. Hackers only release these files or networks if their victims pay them, usually in a form of cryptocurrency. Additionally, payment doesn’t guarantee safety until the attack vector the hackers exploited is closed.

Usually, hackers attempt to disguise their ransomware attacks as legitimate, as much as proves possible. For example, hackers may pose as a law enforcement agency accusing the victim of a crime; the victim often becomes sufficiently scared and fails to process the threat rationally. For the record, law enforcement agencies never do this. 

However, while still a popular cyberattack tactic, ransomware poses many problems for hackers.

Loud But Effective

Of the three threat categories—ransomware, cryptojacking, and fileless malware—ransomware attracts the most attention by design. After all, the victim can’t pay a ransom unless they become aware of the ransomware. This allows IT security teams and endpoint security providers to quickly track down the threat’s file location and remove it, denying hackers their reward.  

Therefore, ransomware in modern times often proves less successful than their counterparts; this in part explains why the number of ransomware attacks decreased over the past few years.

Yet anyone who assumes ransomware no longer threatens enterprises makes a terrible mistake. Ransomware has only taken a new form, evolving to become more targeted to high-value victims. More specifically, ransomware evolves to become a large enterprise problem rather than an SMB issue. Indeed, hackers often combine ransomware with spear phishing.  

Cryptojacking: The Silent Exploiter

For years, ransomware wore the crown as the top malware of choice among ransomware, cryptojacking, and fileless malware. However, now cryptojacking holds the horrible title, and for understandable reasons.

Cryptojacking, the condensed name for cryptocurrency mining malware, takes the opposite route to ransomware; it is quiet where ransomware is loud. Cryptocurrency mining, on its own, refers to an extensive calculations process which rewards the miner with a set amount of cryptocurrency.

Hackers use malware to infect victim computers with a code which performs this cryptomining process on their endpoints. That way, the victim endpoint suffers the consequences of reduced processing power and increased electrical bills which come with the mining programs. Meanwhile, the hacker reaps all the rewards.  

Moreover, cryptojacking can create actual analog damage by overtaxing enterprise electrical systems, causing untold amounts of damage.

Dependent on Outside Markets

The signs of cryptojacking attack can prove hard to notice at first: slowed business processes, unexpected endpoint shutdowns, higher electrical bills, etc. This subtly works to the hackers’ advantage, as it allows their malware to dwell for long periods without detection. Thus, it can generate more profits over time.

However, cryptojacking suffers from a dependency utterly unique to its threat category. Namely, it depends on the value of cryptocurrency. As the value of cryptocurrency rises, so too does cryptojacking attacks. But the opposite also holds true. Currently, cryptojacking seems to fade as cryptocurrency undergoes a downturn.

What does that leave?

Fileless Malware: The Darkening Shadow

The drama of the subtitle actually understates the danger of fileless malware. Of ransomware, cryptojacking, and fileless malware, fileless malware is both the youngest and perhaps the most dangerous.

Fileless malware, as the name suggests, doesn’t behave as traditional malware. Malware usually downloads a file onto the victim device or enterprise environment; this allows the legacy antivirus solutions to locate and remove them.

Fileless malware doesn’t do this. Instead, it uploads a program to a native process on the endpoint such as Java or PowerShell. Then fileless malware forces the native program to run its code, which performs the malicious task concealed behind its normal processes. Legacy endpoint security systems, which depend on traditional threat signatures, can’t possibly detect these attacks. Often, fileless malware leaves no trace of itself behind.

Hackers increasingly adopt fileless malware attacks because, especially against legacy solutions, they prove largely successful.

Time for an Upgrade?

Thankfully, most next-generation endpoint security solutions work to improve their prevention and EDR capabilities to reduce the effectiveness of fileless malware. However, many enterprises continue to hold fast to their inadequate legacy antivirus solutions.

IT decision-makers often value familiarity and comfort over security when it comes to their endpoint protection platforms. If your enterprise wants to defend against fileless malware, it’s time to update your cybersecurity platform. A next-generation endpoint security solution must become a vital necessity in your business processes.

In fact, facing the continual evolution of ransomware, cryptojacking, and fileless malware requires a next-gen endpoint protection platform. Legacy solutions can’t match the threat intelligence and security upgrades provided by modern endpoint security.

Of course, our list doesn’t cover the whole of all threats, such as formjacking. But these three categories constitute the most common attack tactics and thus the greatest worries. Does your enterprise feel prepared to face these digital threats in their new forms?

To learn about endpoint security, be sure to check out our 2019 Buyer’s Guide!

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *