Numerous studies have found that most current malware attacks are designed for cryptojacking. In fact, new coin miner malware jumped a mind-boggling 1189% in the first three months of this year, according to Raj Samani, chief scientist at McAfee. At the same time, ransomware attacks dropped by 32%, which he says is a direct result of the 81% drop in Android lockscreen malware.
Cryptojacking has certainly not eliminated ransomware. Ransomware is still a huge problem, and sites such as Data Keeper, which provides customized ransomware for others to distribute, do not help. As the year progresses, more large organizations than ever before are being attacked, such as Allscripts, Hancock Health and even the City of Atlanta. The most prevalent crypto-locking malware in circulation is Gandcrab, which transacts ransom payments through the Dash cryptocurrency rather than bitcoin.
Cryptocurrency mining malware infects systems and uses their CPUs to hunt for coin and increase cryptojacker profits. The rise and fall of attacks appears to mirror the volatility of bitcoin's market value. Jackers will typically sneak mining malware onto systems via malware downloaders such as fake lotteries, or by infecting browser scripts so that legitimate sites serve the code. Experts say the most common code comes from Coinhive, a site where anyone can use its Monero script for a 30% cut of profits. Cryptocurrency mining campaigns also infect enterprise servers for big money: Wannamine malware harvested about $2 million and Winder's botnet earned $500,000 from mining.
Fortunately, defending against mining malware requires the same tactics as defending against any other type of malware. Don't open phishing emails, do run up-to-date backups, and have anti-malware software in place. Businesses should take those steps even further, adding regular security audits and reporting all cryptomining infections to authorities.