While there were several headline-grabbing ransomware attacks during 2017, another big threat that didn’t get the same coverage started appearing at the same time: illicit cryptomining.
Cybercriminals started to deliver mining payloads that were often packaged with ransomware and other kinds of malware.
This year, big cryptomining botnets began infecting not only Windows and Linux machines but also websites and various IoT devices. Within a year, the number of cryptomining malware strains grew several thousand percent, making it a huge threat to computer systems everywhere.
While it might not seem dangerous at first, illicit cryptomining can actually create a lot of problems. Let’s examine why.
Who is under threat?
When it comes to cryptojacking, just about any internet-connected device with a CPU can be a target. As always, most attacks focus on Windows-based machines and servers because they are so prevalent and popular, although Linux servers are another favourite. Servers are particularly attractive targets as they usually run 24/7, making them ideal candidates for illicit cryptomining.
Does this mean cybercriminals won’t bother with mobile devices, tablets, printers, routers and smart TVs? Of course not. They’ll steal computing power wherever they can get it, but those devices are less effective and less profitable.
The effect of Cryptojacking
A malware infection that steals system resources might not sound like a big threat, but illicit cryptomining can create serious consequences for the affected systems, networks and businesses, including:
Let’s look at how a cryptomining malware attack might affect a real-life business. The target is a mid-size company, and all 200 of their endpoints are infected. The continuous mining causes their electricity bills to skyrocket. Machines are slower than usual, but not too bad, so employees simply ignore the situation. The slower machines mean they are less productive, but there’s no red flag that requires a call to a system administrator. As a result, the infection goes unnoticed for a couple of months.
During that time, a backdoor is installed that begins stealing confidential information. After two to three months, the strain of the 24/7 overload causes a couple of servers and an accounting endpoint machine to go down – stopping operations.
After a few days of downtime and a costly investigation, the company loses several hundred thousand dollars. In the end, it’s leaked to the press that confidential data has been lost, which causes tremendous damage to the company’s reputation.
Acronis Active Protection extended to fight Cryptojackers
The good news is that you can avoid this scenario with Acronis Active Protection-enabled products like Acronis True Image 2019 Cyber Protection and Acronis Backup. As a cyber protection company that cares about data safety and constant availability, Acronis has watched the evolution of cryptojackers closely. In addition to the potential threat to data availability and manageability, many strains of cryptomining malware often add a ransomware payload as well, so it was clear that Acronis Active Protection’s set of technologies needed to be upgraded to protect against illicit cryptomining.
The set of heuristics that are a foundation of Active Protection was expanded to detect the following scenarios on a Windows system:
Those four scenarios cover all the known threats from illicit mining, so detecting them allows Acronis to deliver the necessary protection.
For Acronis True Image 2019 users, cryptomining detection will look almost the same as ransomware detection.
When mining malware is detected running on the system, Acronis True Image notifies the user so they can decide how to deal with it: blacklisting malicious processes and whitelisting a known process (if the user is running a legitimate mining app, for example). Acronis Active Protection does not include detection of browser-based cryptojacking, since those attacks are easily thwarted by browsers themselves or via third-party plugins that are readily available in browser stores.
Acronis’ experts also plan additional developments to further enhance the detection of cryptomining malware. Among the refinements already in the works are:
What else you need to do to defend yourself against Cryptojacking
Both home and corporate users need to follow some security rules to be on the safe side. In addition to using solutions that include Acronis Active Protection, we recommend the following to combat illicit cryptomining attacks: