Cryptojacking Malware: What It Is and How to Fix It
Cryptojacking is a cyberattack like no other. Attackers don’t steal your data or ransom off access to your network. Instead, they commandeer your hardware when you’re not looking and redline the processors to mine cryptocurrency.
This rise in malware corresponded to the astronomical rise in cryptocurrency’s value. By December 2017, Bitcoin was worth nearly $20,000 — or 20 times the average ransomware payment at the time. Today, that price has settled to an average of just over $6,000 — but that doesn’t mean cryptocurrency’s dominance is waning.
Some startups may falter or fail, but cryptomining isn’t going anywhere, and neither is the malware that exploits it. Decentralized currency has been revolutionary, and it’s easy for hackers to exploit that by simply “borrowing” your computer when you’re not using it. No matter how much or how little they use it, they get a 100 percent return for every processor they infect.
Cryptojacking Is Here to Stay
The blockchain technology that powers Bitcoin and similar cryptocurrencies is what makes cryptocurrency much more than just a trend. Besides decentralizing currency, it’s being used for legal, agricultural, real estate, and other industry applications. However, the ability to create wealth digitally is what makes it a prime target for hackers.
Mining cryptocurrency isn’t illegal, but it does take a substantial investment in hardware to create any amount of substantive wealth. For instance, you could invest several thousand dollars in the most powerful laptop with multiple high-end drives and eventually recoup your investment.
For a hacker, though, it isn’t about investing money in new hardware. It’s about pouring time into writing malicious code that will give them access to thousands of processors around the world. That is ultimately much more cost-effective than investing in their own hardware.
Cryptojacking malware is written specifically to hide once it’s in your system and to activate only when your computer becomes idle. It doesn’t compromise your data or access to your network. In fact, the most effective code leaves almost no footprint because its goal is to remain as long as possible.
Warning Signs to Watch For
The fact that you might never know it’s there makes cryptojacking the phantom of malware. But maxing out your hardware’s operating capacities every night will eventually lead to odd tech behaviors, and that can act as a warning sign. Plus, hackers still have to retrieve their prize, which often leaves a handy trail of breadcrumbs to follow if you know what you’re looking for.
For example, even during peak business hours, employees don’t usually do enough at one time to push their computers to the max (except for IT personnel, graphic designers, and other tech-heavy roles). On average, the equipment they use should last for several years before slowing down and showing its age.
But if those same PCs and laptops are being switched on and maxed out after everyone leaves each night, they won’t last nearly as long. It may not be immediately obvious, but the processors will burn out sooner than expected. This can lead to employees having trouble maintaining their productivity and you upgrading your infrastructure years earlier than you originally planned.
Fortunately, you don’t have to wait until your hardware starts to crumble before recognizing these signs. Performance monitoring tools can detect when certain devices are running at 3 a.m. and how much juice they’re using. Analytic software can track down and identify outbound communications to places where your hardware shouldn’t be communicating.
Even more fortunate is that cryptojacking tools have the same weaknesses as all other forms of malware. For instance, they work only if you let them in. Proper preventive and security measures can usually protect your network from them, and even if your system is infected, the virus can be rooted out before it causes significant damage.
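The two checks described in this section, sustained processor load outside business hours and outbound connections to destinations your hardware shouldn't be talking to, can be combined into one triage pass. The following is an added example, not code from the original article; the host names, log records, thresholds, and allowlist are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values (not from the article).
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 local time, Monday-Friday
CPU_THRESHOLD = 85.0            # percent
MIN_HIGH_SAMPLES = 3            # off-hours samples needed to call load "sustained"

# Constructed telemetry: (host, ISO timestamp, CPU percent).
CPU_SAMPLES = [
    ("ws-014", "2018-07-30T14:00:00", 35.0),
    ("ws-014", "2018-07-31T02:00:00", 97.0),
    ("ws-014", "2018-07-31T02:30:00", 98.5),
    ("ws-014", "2018-07-31T03:00:00", 99.0),
    ("ws-022", "2018-07-31T03:00:00", 4.0),
    ("build-01", "2018-07-31T02:00:00", 92.0),   # single nightly spike
    ("design-03", "2018-07-30T15:00:00", 96.0),  # heavy, but during work hours
]
# Constructed outbound connection log: (host, ISO timestamp, destination).
CONNECTIONS = [
    ("ws-014", "2018-07-31T02:05:00", "pool.example.net:3333"),
    ("ws-014", "2018-07-31T09:10:00", "mail.corp.example:443"),
    ("ws-022", "2018-07-31T03:00:00", "updates.corp.example:443"),
    ("build-01", "2018-07-31T02:00:00", "git.corp.example:443"),
]
ALLOWED = {"mail.corp.example:443", "updates.corp.example:443",
           "git.corp.example:443"}

def is_off_hours(ts):
    t = datetime.fromisoformat(ts)
    return t.weekday() >= 5 or t.hour not in BUSINESS_HOURS

def find_suspects(cpu_samples, connections, allowed):
    """Map each host with sustained off-hours load to its unexpected destinations."""
    high = defaultdict(int)
    for host, ts, cpu in cpu_samples:
        if is_off_hours(ts) and cpu >= CPU_THRESHOLD:
            high[host] += 1
    unexpected = defaultdict(set)
    for host, ts, dest in connections:
        if is_off_hours(ts) and dest not in allowed:
            unexpected[host].add(dest)
    return {h: sorted(unexpected[h])
            for h, n in high.items() if n >= MIN_HIGH_SAMPLES}

if __name__ == "__main__":
    for host, dests in find_suspects(CPU_SAMPLES, CONNECTIONS, ALLOWED).items():
        print(host, "sustained off-hours CPU; unexpected:", dests or "none")
```

Requiring several high samples keeps a single scheduled job, such as the constructed build-01 spike, from being flagged, while hosts with tech-heavy daytime workloads are ignored because only off-hours samples count.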
How to Protect a System Through IT Security
The first step to protecting any system from malware is to invest in decent antivirus software, including anti-spam and anti-phishing filters for your email platforms. Along with ransomware and other malicious code, cryptojacking happens through email phishing techniques. It’s also useful to invest in a high-quality backup system, preferably on-premise and cloud-based, to protect your data in worst-case scenarios.
Such solutions are as cost-effective as they are essential, but they work only if you train employees to stay diligent against any attacks that might make it through. Tricks like display-name spoofing can fool some anti-phishing tools, and overconfident employees might still invite in cryptojacking malware without realizing it.
If your system is infected, then performance monitoring and analytics tools can reveal the malware’s incriminating symptoms. Depending on the extent of the virus, restoring your system may require rooting it out or resetting it and starting fresh with your backed-up data.
If you’ve partnered with a managed IT service provider, it can run a comprehensive systems analysis to scan software registries and measure each device’s performance. After stripping the code from your system, your provider will run a thorough retest before giving it a clean bill of health. Then it’ll help you ensure proper security measures are in place to prevent it from happening again.
Printing money is a thief’s dream, and with cryptojacking being so lucrative, it isn’t likely to disappear or fade. Sooner or later, it could hit any company, so implementing sound protective methods is crucial. Put in place strong antivirus software, know how to recognize the symptoms, and if worse comes to worst, know how to recover as effectively as possible. Even if you can’t avoid cryptojacking malware, you can minimize its damage by staying a few steps ahead.
Originally published at readwrite.com on August 1, 2018.