Traditional ransomware attacks are in decline as businesses refuse to pay up—but according to a new report by cybersecurity firm SonicWall, cryptocurrencies are still being used to extort unsuspecting victims.

A staggering 332.3 million cryptojacking attacks were recorded in the first half of 2023—a 399% increase when compared with the whole of last year. To put this figure into context, that's more than 2020, 2021, and 2022 combined.

Cryptojacking involves exploiting servers and devices belonging to other people to mine digital assets, with privacy-centric Monero being the most popular. Those affected may not even realize that they are victims; they may just notice that their machines are running slower than usual.


Spencer Starkey, VP of EMEA for SonicWall, told Decrypt via email that the biggest symptoms of cryptojacking include a slower response on devices, surprisingly higher electricity bills, and excessive fan use brought on by overheated batteries.

"As cryptojackers aim to go undetected for as long as possible, it can be perceived as a 'victimless' crime, compared to impactful malware such as ransomware or banking trojans," Starkey said.

And while you may think that declining Bitcoin prices would prompt malicious actors to divert their criminal activities elsewhere, SonicWall's research suggests market downturns have actually had the opposite effect—with the number of attacks surging as criminals battle to make the same profits.

"Threat actors are relentless, and our data indicates they are more opportunistic than ever, targeting schools, state and local governments, and retail organizations at unprecedented rates," SonicWall's president and CEO Bob VanKirk said in a news release emailed to Decrypt.

The figures suggest that malicious actors are looking for less expensive—and less risky—ways of making a quick buck.


According to SonicWall's midyear report, the US, Denmark, Germany, France, and the United Arab Emirates were most affected by cryptojacking, with the whole of Europe witnessing a 788% rise in the number of incidents.

This research paints a picture of cybercriminals continually shifting their tactics to evade capture. One common method for targeting victims in recent months has been to distribute HonkBox cryptojacking malware in cracked versions of the video editing software Final Cut Pro. As the old saying goes, there's no such thing as a free lunch.

And while cryptojacking may seem kinder than encrypting a company's files and threatening to release them unless Monero is paid, those behind these attacks still lack scruples. Incidents targeting the healthcare industry were 69 times higher in the first half of 2023 than over the same period a year earlier. The education sector also saw 320 times more attacks.

"Hackers search for the weakest points of entry, with the lightest possible repercussions, limiting their risk and maximizing their potential profits," SonicWall's vice president of product security Bobby Cornwell said.

While it might be a little early to write off the threat of ransomware—which brought the UK's National Health Service to its knees in 2017 and slowed the Colonial Pipeline to a standstill in 2021—these sobering figures indicate that crypto-hungry hackers aren't going anywhere.

Starkey went on to warn that cryptojacking has been adopted by actors ranging from nation-state-backed threats all the way down to employees who are deploying miners on corporate infrastructure without permission.

"Because of its covert detection footprint and return on investment for actors—adoption will likely continue to grow across the threat actor ecosystem," he said.
