Cryptocurrency mining malware, Ransomware, and who is at risk

By: Chase Alexander


It is no secret that hackers are trying to gain something when they carry out an attack on a target, usually money. However the way that they do this can vary. It does not always mean that they are stealing credit card information, or bank account logins. Another way to exploit hacked targets is through cryptocurrency mining malware. There is also malware that takes over a system until a ransom is paid. Today I would like to look at three things. Ransomware, cryptocurrency mining malware, and who is at the greatest risk for these kinds of attacks.

First I am going to examine ransomware. This is an interesting case, as it has been around for quite some time now. The attack method dates all the way back to 2016. You would think that they would have been stopped by now, and you would be somewhat correct. Gone are the days of spreading ransomware through spam emails and outbreaks, where the philosophy was to cast a net as wide as possible and see what we catch. Today ransomware exists as a targeted attack on an individual or specific group. The goal of doing ransomware attacks this way is to carry out one strong attack, which will yield more reward then many weaker attacks. So how do they work? You gain entry into a system via weak Remote desktop protocol passwords. Escalate your privileges up to administrator. Use your new privileges to overcome security software. Spread your ransomware to encrypt files on the system. Finally leave a message with the ultimatum,” If you want your files to be decrypted, contact via email or dark web website.” And then you wait. If they pay the ransom, then mission success for the hacker. If they do not pay the ransom then it is almost inconsequential to the hacker. They will just move onto the next target and try again.

The other form of attack that is of interest is a cryptocurrency mining malware. What this attack does is take over a machine and use it to mine cryptocurrency for a hacker. This attack is very different because it requires no interaction between the hacker and the hacked. Unlike the previous method, this one allows the hacker to try and remain undetected. For ransomware, the hacked has the choice to either give up their machine and data, or give into the hacker. This method though gives no choice to the hacked. If they don’t hear their computer fan operating louder, then they will have no idea that they have been hacked. In addition to these facts, cryptocurrency is effectively an unregulated currency. This means that once the hacker has it, they are in the clear. If a hacker were to steal bank account credentials, there are still difficulties with actually attaining the currency inside of those bank accounts. A problem with this method however is that the profits are not immediate, they take time to incur. If ransomware is successful, then profits are made instantly.

So who is at risk for these attacks? Ransomware attacks are targeted attacks. They go after one group or individual. That group or individual will have to give up money in order to secure themselves. It is as simple as this; if you do not have money or credit, you are at a very low risk of this attack. The goal of ransomware is to get ransom. A hacker will go after someone who they know will be able to pay ransom. They are not going to go after the poor because they have very little to offer. A cryptomining attack however can happen to anybody. You don’t need any money or credit, if you have a computer it can be used for mining cryptocurrency. In terms of large targets we can look at Vietnam. Last year malware cost Vietnam 12.3 trillion VND or the equivalent of 540 million USD.