Ransomware has consistently been one of the most prolific, destructive, and concerning cyber threats of the last many years. We have seen cities brought to their knees by SamSam, a global rapid outbreak of WannaCry, and even destructive malware masqueraded as ransomware in NotPetya. Ransomware, it may seem, has no plans to go away anytime soon. However, that may not really be the case as there are inherent problems for hackers when they launch ransomware attacks coupled with the rise of a new money making scheme: cryptocurrency mining.
The problem with ransomware is not that it is not making cybercriminals money, its that it is loud and destructive. Both of which draw the attention of law enforcement, intelligence agencies, and cyber defense companies and organizations.
Cybercriminals do make money with ransomware. The problem is that it is loud and destructive. Both of which draw the attention of law enforcement, intelligence agencies, and cyber defense companies and organizations.
When ransomware infects a computer, it is designed to draw attention and get the victim to panic and pay the ransom. In an attack like WannaCry, hackers successfully infected hundreds of thousands of devices in a matter of hours. When an attack like SamSam brings a city like Atlanta to its knees or when NotPetya (again not really a ransomware) destroys critical data and computer systems, it is bound to get the attention of the FBI, Interpol, CIA, NSA, etc. All groups that most hackers would prefer not to have hunting for them.
So what if there is a better, safer way for cybercriminals to make the same amount of money, but doing it in a way that is quiet, does not draw attention, and results in little to no risk of data loss for the victim? If such an exploit did not draw the attention of those aforementioned scary organizations, companies are less likely to both identify and remove the malware, and if they do find it are less likely to declare a critical breach and bring in law enforcement and security incident response teams.
The solution for cybercriminals is cryptocurrency mining, otherwise known as cryptojacking. Crypto mining is not malicious activity in and of itself. Anyone can legitimately do it on their own computers and even some website proprietors use it as an extra revenue stream by using visitors’ excess browser processing power to mine when their site is visited (though admittedly, this is shady behavior). So what cybercriminals are doing is launching crypto mining botnets that either infect computers or infect websites. It then uses the impacted computers excess processing power and some bandwidth to mine crypto for the hacker.
The victims of such an attack are not having any sensitive data stolen, files are not being encrypted or destroyed, passwords are not being changed, and hackers are not remotely accessing the network. In essence there is no actual data breach – even if malware is on the network. (It should be noted, that it is possible that crypto malware could have built in backdoors or other exploits).
The only thing holding crypto mining malware from being even more valuable is simply the low current value of crypto currency today. If such values persist or even continue to drop, perhaps cybercriminals pull away. More likely, however, is that the currency values stabilize before too long and begin to rise again.
So now cybercriminals – whose whole goal in most situations is simply to make money – are able to make that money in a much safer way. Naturally, no one wants crypto mining malware on their computers, so there is still a high risk of hackers losing the access, but that’s the nature of the business. Not only is it logical and likely, but the trends are showing that Ransomware attacks may well be decreasing as cryptocurrency malware is on the rise.
About Security On-Demand
Security On-Demand is an industry pioneer and recognized innovator within the managed security space. We are leading the industry in threat detection through behavioral analytics and machine learning. In the last year, we have detected and observed an increase in cryptocurrency mining activity about 300% over 2017. We have signatures, indicators, and analytics in place to identify both crypto mining and ransomware activity.