Ransomware is dramatic and can be frightening for victims, from average home users manipulated by tales of illicit and embarrassing files on their computers to businesses strong-armed into paying larger sums to regain access to critical files. Ransomware, however, is in serious decline. Data shows that the number of users attacked by cryptomalware or cryptominers dropped by nearly half, from 1,152,299 in 2016–2017 to 751,606 in 2017–2018. Meanwhile, crafty cryptominers have moved up to take ransomware’s place, invading users’ and businesses’ computers and devices and taking advantage of their power to put cryptocurrency in the pockets of thieves. Over the same two-year period, cryptominer encounters rose in total number, from 1.9 million to 2.7 million, as well as in share of threats detected, from 3% to 4%.
What Are Cryptominers?
Cryptominers are tools that “mine,” or generate, new units of a cryptocurrency like Bitcoin. They do so by completing mathematical puzzles that constitute what Hacker Noon’s Chris Herd calls “proof of work calculations” for the new units. The process of mining doesn’t just generate cryptocurrency; it also adds, secures, and verifies transactions to the blockchain.
A deeper dive into how cryptocurrencies work is necessary to better understand cryptominers. Digital currency like Bitcoin runs on the blockchain, a ledger of transactions which is distributed across the entire community of users who own units of that cryptocurrency. Benzinga staff writer Shanthi Rexaline explains it’s here where mining comes into play:
Every single transaction made and the ownership of every single cryptocurrency in circulation is recorded in the blockchain. The blockchain is run by miners, who use powerful computers that tally the transactions. Their function is to update each time a transaction is made and also ensure the authenticity of information, thereby ascertaining that each transaction is secure and is processed properly and safely.
Every 10 minutes, mining computers collect a “block,” or a few hundred pending Bitcoin transactions, and turn them into a mathematical puzzle. Those computers then use special equipment to compete against one another to solve that puzzle. Whoever completes the challenge first is eligible to receive a reward of 12.50+0.943 BTC, which is worth approximately $113,834.49 USD as of 7 February 2018.
The Economist explains that the first miner to find the solution to the mathematical puzzle can announce it to the Bitcoin community. At that point, the other miners verify if the solution is correct. Assuming it is, the block is cryptographically added to the ledger, with the miners moving on to the next grouping of transactions, thereby adding to the blockchain.
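The puzzle-and-verify cycle described above, as an added example that is not part of the original article: a simplified proof-of-work loop showing that finding a solution takes many hash attempts while checking one takes a single hash. The function names, the payload layout and the sample transactions are constructed for illustration; real Bitcoin mining applies double SHA-256 to a binary block header rather than to a text string.

```python
import hashlib

def block_hash(prev_hash, transactions, nonce):
    """SHA-256 over the previous hash, the pending transactions and the nonce."""
    payload = "|".join([prev_hash, *transactions, str(nonce)])
    return hashlib.sha256(payload.encode()).hexdigest()

def meets_target(digest_hex, difficulty_bits):
    """The puzzle: the hash must begin with `difficulty_bits` zero bits."""
    return int(digest_hex, 16) >> (256 - difficulty_bits) == 0

def mine(prev_hash, transactions, difficulty_bits):
    """Try nonces one by one until a hash satisfies the target (the costly part)."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, transactions, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest
        nonce += 1

def verify(prev_hash, transactions, nonce, claimed_hash, difficulty_bits):
    """What the other miners do: recompute one hash, no search needed."""
    digest = block_hash(prev_hash, transactions, nonce)
    return digest == claimed_hash and meets_target(digest, difficulty_bits)

# Constructed sample data, not real Bitcoin transactions.
PREV_HASH = "00" * 32
PENDING = ["alice->bob:0.5", "carol->dave:1.2", "erin->frank:0.01"]
DIFFICULTY_BITS = 16  # roughly 65,000 attempts on average

if __name__ == "__main__":
    nonce, digest = mine(PREV_HASH, PENDING, DIFFICULTY_BITS)
    print(f"solved after {nonce + 1} hashes: nonce={nonce} hash={digest}")
    print("peer check:", verify(PREV_HASH, PENDING, nonce, digest, DIFFICULTY_BITS))
    # Changing any transaction invalidates the announced solution.
    tampered = ["alice->bob:50"] + PENDING[1:]
    print("tampered block:", verify(PREV_HASH, tampered, nonce, digest, DIFFICULTY_BITS))
```

Each extra difficulty bit doubles the expected number of attempts, which is why mining consumes so much processor time and why someone who runs it on another person's hardware passes that cost on to the victim.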
Brief history about Cryptominers
Signs and Symptoms of Cryptominers
Whereas ransomware enters with a flourish and freaks out its victims, cryptominers strive to remain hidden: the longer they toil, the greater the perpetrators’ profit. As a result, victims may not notice them for a time.
If you decide to try mining for yourself, you must anticipate the impact mining has. Someone else secretly using your electronic resources plays things a bit closer to the vest, but they can’t act in complete secrecy. A PC or mobile device secretly mining for currency may show subtle or obvious changes:
- System response will slow; the device’s memory, processor, and graphics adapter are bogged down completing cryptomining tasks.
- Batteries will run down much faster than before, and devices may run quite hot.
- If the device uses a data plan, users will see data usage skyrocket.
How Malware Authors Are Abusing Cryptomining
Cryptomining isn’t itself malicious in nature. But bad actors are abusing it for nefarious purposes. They’re doing so by illegally accessing important business assets, such as servers used for electronic medical record (EMR) systems or the back-ends for corporate websites, and installing cryptocurrency miners on them. This software generates new digital currency for the attackers while hijacking the affected asset’s CPU and driving up its power demands. Because those assets lack the specialized rigs designed for mining cryptocurrency, cryptominers slow down business processes and drive up the organization’s electricity consumption.
Sophos CTO Joe Levy thus has no tolerance for organizations that justify the use of cryptominers for the purpose of generating advertising revenue and don’t tell users:
When this software is run in any user’s browser without an organization’s consent, it is parasitic, and should be considered malware because we don’t have something called parasiteware today.
Driven in part by Coinhive’s popularity, malicious cryptominers expanded their reach considerably in 2017. These tools victimized 1.65 million clients’ computers in the first eight months of the year. IBM’s X-Force team tracked a six-fold jump in cryptocurrency mining attacks aimed at enterprise networks over the same period.
Staying safe or recovering
If the symptoms above have raised your suspicion, take the following steps to ensure your system or device is clean and stays that way.
- Update your operating system and all software regularly. We suggest starting right now.
- Distrust e-mail attachments by default. Before clicking to open an attachment or follow a link, consider carefully: Is it from someone you know and trust; is it expected; is it clean? Hover over links and attachments to see what they are named or where they really go.
- Don’t install software from unknown sources. It may and often does contain malicious cryptominers.
- Use a strong security solution on all computers and mobile devices, such as Kaspersky Internet Security for Android or Kaspersky Total Security.
- Help educate your team about safe e-behavior, whether that is family members at home or coworkers in the office.
Malicious cryptominers will likely continue to increase in number in 2018. Fortunately, users can take steps to protect themselves against this growing threat.
They can begin by installing a browser extension that targets popular cryptominers. minerBlock and No Coin are two of the most popular of these solutions. They work like an ad-blocker by allowing users to block offending domains and add them to a blacklist.
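How blacklist matching of this kind can work, as an added example that is not code from minerBlock, No Coin or the original article: a request is blocked when its host, or any parent domain of its host, is on the list. The hosts-file list format and the `.example` and `.test` domains are constructed assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample blacklist in hosts-file style; these are not real mining domains.
BLOCKLIST_TEXT = """
# mining script hosts
0.0.0.0 miner-pool.example
0.0.0.0 cdn.coin-script.example   # only this subdomain is listed
"""

def parse_blocklist(text):
    """Return the set of blocked hostnames, ignoring comments and blank lines."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # The last field is the hostname; normalise case and trailing dot.
            blocked.add(line.split()[-1].lower().rstrip("."))
    return blocked

def is_blocked(url, blocked):
    """True if the URL's host or any of its parent domains is on the blacklist."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # For a.b.c, test a.b.c, then b.c, then c. Matching on whole labels means
    # look-alike names that merely contain a listed string are not caught by accident.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

BLOCKED = parse_blocklist(BLOCKLIST_TEXT)

if __name__ == "__main__":
    for url in [
        "https://miner-pool.example/lib/miner.min.js",
        "wss://ws.miner-pool.example:8443/proxy",
        "https://notminer-pool.example/",
        "https://miner-pool.example.other.test/",
        "https://coin-script.example/",
    ]:
        print("BLOCK" if is_blocked(url, BLOCKED) else "allow", url)
```

Matching the WebSocket endpoint as well as the script URL matters because in-browser miners typically fetch their work over a separate connection once the script has loaded.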
Cryptomining malware, also called cryptocurrency mining malware or simply cryptojacking, is a relatively new term for software programs and malware components developed to take over a computer’s resources and use them for cryptocurrency mining without a user’s explicit permission.
Cyber criminals have increasingly turned to cryptomining malware as a way to harness the processing power of large numbers of computers, smartphones and other electronic devices to help them generate revenue from cryptocurrency mining. A single cryptocurrency mining botnet can net cyber criminals more than $30,000 per month, according to a recent report from a cyber security company.
Unauthorized Cryptomining a Growing Epidemic
Unauthorized mining activity from cryptomining malware has become so prevalent that ad blocking firm AdGuard estimates more than 500 million users are mining cryptocurrencies on their devices without realizing it. These users either get infected by a cryptomining malware program or visit websites that stealthily run cryptomining software in the background without the user’s consent.
While many cryptomining malware and cryptojacking programs target desktops and laptops to mine cryptocurrency, others target smartphones and tablets. One of the more powerful cryptomining malware programs, dubbed Loapi by Kaspersky Labs, is designed to hijack an Android smartphone’s processor to mine cryptocurrency and is so intensely invasive that it can overheat the phone’s battery and physically damage the device.