In the world of digital thievery, a business model pivot is apparently underway.

Over the past year cybercriminals have shifted their focus from ransomware attacks to so-called cryptojacking. That’s the marquee finding out of a new threat report published by IBM this week: Instances of the former money-making scheme were down 45% in 2018, while occurrences of the latter surged 450% in the same timespan, per IBM’s data.

Whereas with ransomware, hackers were locking up victims’ computer files and reinstating access only after being paid a ransom, cryptojacking has involved hijacking people’s computers to “mine,” or run programs that produce, cryptocurrency. These mining scams have been caught everywhere from websites of the U.S. court system, to Google Chrome extensions, to Tesla’s cloud-computing infrastructure, and beyond.