Ransomware Declines as Cryptocurrency Malware is on the Rise
By Jon Sands, AGS Core Technologies
Stuart, FL.
Good news from the cyber security realm, for once. Ransomware attacks are on the decline, for the first time in fifteen years, according to a report from Microsoft. Unfortunately, there has been a rise in mining malware to replace the lost revenue.
For the past few years, ransomware has been a major headache for computer users. Various strains infect PCs, encrypt files, and demand payment in cryptocurrency to restore the documents.
Most noteworthy are the examples of Bitcoin, Monero, and Dogecoin, cryptocurrencies that are making many people rich worldwide. Mining these virtual resources takes time, energy and a lot of computing power. Unfortunately, there is a rash of hackers and new malware variants on the scene repurposing computer systems worldwide to mine these cryptocurrencies. While these processes are occurring in the background, machines lose performance and it takes a toll.
For a ransomware victim, these cryptocurrencies can be a pain to obtain and transfer to hackers at short notice. Once obtained, there is no guarantee these criminals will hand over the decryption key. The good news is that antivirus and Remote Monitoring and Management tools are getting better at stopping and isolating ransomware infections. As a result, people don’t need to pay up.
It’s no wonder that criminals are cutting out the middle person, the human victim, and infecting machines with remote-controlled malware.
This malware quietly mines alt-coins and deposits the digital money back to the hackers. A single hijacked box can typically mine about $0.25 of Monero a day. Multiply that over hundreds of thousands of machines, and it adds up to a nice little earner. According to Microsoft researchers, criminals are shifting from ransomware attacks to direct infection with stealthy mining software.
Across Asia, one group of hackers has utilized over 30,000 machines and mined 3.6 million dollars of Monero cryptocurrency. These mining bots are cranking out $8,500 a day, according to Microsoft. The malware has hijacked something over 500,000 Windows machines, which are typically servers, mostly in Russia, India, and Taiwan. Dozens of computers search the internet for vulnerable devices and take them over using EternalBlue. EternalBlue is an exploit that attacks Windows network file-sharing services.
What’s important to remember about ransomware is that it’s easy for the right security tools to detect and block. The tools work by looking out for programs that start meandering their way through file systems to encrypt the contents of various documents. There are not many everyday applications behaving in this manner.
Currency mining software, on the other hand, doesn’t do anything out of the ordinary apart from consuming processor time.
It’s easy for a miner to infect a computer: a victim is typically tricked into opening a Microsoft Word file or some other Office document.
Once opened, the nasty file downloads the mining software from online storage and gets to work chewing up valuable bandwidth.
A computer user might notice two things if a miner is installed: the occasional transfer of funds out of the system and an increased CPU load on the infected machine. Hackers can configure their malware to send back mined coins daily, but this increases the chance of getting caught. If they wait too long between deposits, all the mined funds are lost once the infection is found and quarantined.
Keeping up with the latest virus definitions and infections is tough work. Having the latest definitions and a proper technology provider is vital to keeping business machines clean and running as efficiently and profitably (for business owners) as possible.
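The contrast drawn above, as an added example that is not part of the original article: a file-rewrite heuristic catches ransomware-style behaviour but says nothing about a miner, which only stands out through sustained CPU load. The process names, thresholds and telemetry are constructed assumptions.

```python
# Added example: process names, thresholds and telemetry are constructed assumptions.
REWRITE_BURST = 50   # documents rewritten in one minute (assumed threshold)
CPU_HIGH = 80        # percent CPU counted as "busy" (assumed threshold)
CPU_RUN = 5          # consecutive busy minutes before flagging (assumed)

# One (cpu_percent, documents_rewritten) tuple per minute, per process.
TELEMETRY = {
    "office_app":    [(12, 1), (8, 0), (35, 2), (5, 0), (9, 1), (4, 0)],
    "backup_job":    [(60, 0), (85, 0), (20, 0), (5, 0), (3, 0), (2, 0)],
    "sample_locker": [(45, 180), (50, 240), (48, 210), (40, 0), (5, 0), (3, 0)],
    "sample_miner":  [(92, 0), (95, 0), (91, 0), (94, 0), (96, 0), (93, 0)],
}


def rewrites_in_bulk(samples):
    """Ransomware-style behaviour: many documents rewritten within one minute."""
    return any(docs >= REWRITE_BURST for _, docs in samples)


def longest_busy_run(samples):
    """Longest streak of consecutive minutes at or above CPU_HIGH."""
    best = run = 0
    for cpu, _ in samples:
        run = run + 1 if cpu >= CPU_HIGH else 0
        best = max(best, run)
    return best


def classify(samples):
    """Apply the file-activity check first, then the sustained-CPU check."""
    if rewrites_in_bulk(samples):
        return "ransomware-like"
    if longest_busy_run(samples) >= CPU_RUN:
        return "miner-like"
    return "normal"


def triage(telemetry=TELEMETRY):
    """Return a verdict per process name."""
    return {name: classify(samples) for name, samples in telemetry.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:14} {verdict}")
```

The short CPU spike from `backup_job` stays below the run length, which is why the check counts consecutive busy minutes instead of reacting to a single high reading.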
Jon Sands is the Business Development Executive for AGS CORE Technologies in Stuart. AGS CORE Technologies is a local technology firm on the Treasure Coast, specializing in cyber security and outsourced IT.