Cryptominers: The New Top Threat to Your Endpoints

Ransomware has been dominating headlines recently. In 2017, ransomware broke into the popular consciousness, thanks to high-profile attacks like WannaCry and NotPetya. However, ransomware is no longer the top cybersecurity threat. According to the Comodo Cybersecurity Threat Research Labs’ Q1 Global Malware Report, ransomware has been replaced as the top cyber threat by cryptomining software, with 10 percent of malware incidents in the first three months of 2018 related to cryptomining.

There’s no “one size fits all” solution to deal with cryptominers. However, with data-level visibility into all file activity on your endpoint devices, you can locate and remediate cryptominer infections.

A paralyzing threat that’s hard to see

Cryptominers hijack resources from the owner of a device for the attacker’s profit. On a single machine, cryptominers may cause a performance drain, but it can be subtle enough to go unnoticed by a user. However, cryptominers don’t typically infect just one machine; attackers more commonly deploy botnets of infected systems working in tandem to make their money off your equipment, and potentially your customers. One system vulnerability is invariably linked to many others, which means your whole network could potentially be exposed to further exploits and other cybercriminals.

In addition to exposing your customers to risk, a widespread cryptominer infection can cause an enterprise-wide resource drain that can also have real effects on productivity. Cryptomining also comes with huge energy costs. A big spike in your electricity bill is one of the surest signs of illicit cryptomining in your enterprise. 

Locating cryptominers can be tricky. Some variants are scripts embedded in websites that can be addressed with ad-blocking software. Others (which tend to target large enterprises) aren’t as easy to deal with. More sophisticated miners are often hidden within image files on compromised web servers. When users visit a compromised site or click an email link, the cryptomining tools attempt to plant the malicious image files on their machines.

Rooting out cryptomining software

If you have a data visibility tool that can search across your organization’s endpoints for specific files and file metadata, you can locate malware in your organization. In the case of cryptominers, using a forensic file search tool to search for JavaScript files associated with known cryptomining tools can tell you where those scripts exist. Once located, the scripts can simply be deleted from the infected endpoints. In the case of more serious infections, the machine can be reverted to a point before infection with your endpoint backup solution.
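The file search described above can be sketched as follows. This is an added example, not code from the original article or from any vendor's product; the indicator values (`ExampleMiner`, `examplepool.invalid`, and the sample script hash) are constructed placeholders that stand in for vetted threat-intelligence indicators.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Constructed indicators for illustration only; replace with vetted threat intel.
SAMPLE_SCRIPT = b"var m = new ExampleMiner.Anonymous('SITE_KEY'); m.start();\n"
KNOWN_SHA256 = {hashlib.sha256(SAMPLE_SCRIPT).hexdigest()}
CONTENT_MARKERS = (b"exampleminer.anonymous", b"examplepool.invalid")

def scan_tree(root, hashes=KNOWN_SHA256, markers=CONTENT_MARKERS, max_bytes=5_000_000):
    """Walk root and report script/HTML files matching a known hash or content marker."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".js", ".htm", ".html")):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if st.st_size > max_bytes:
                    continue  # skip oversized files to keep the sweep cheap
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or removed mid-scan
            reasons = []
            if hashlib.sha256(data).hexdigest() in hashes:
                reasons.append("sha256")  # exact copy of a known script
            lowered = data.lower()  # markers catch renamed or edited copies
            reasons += [f"marker:{m.decode()}" for m in markers if m in lowered]
            if reasons:
                modified = datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat()
                findings.append({"path": path, "size": st.st_size,
                                 "modified": modified, "reasons": reasons})
    return findings

def demo():
    """Build a constructed directory tree, scan it, and return (file, reasons) pairs."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cache"))
        samples = {"cache/a.js": SAMPLE_SCRIPT,
                   "cache/b.js": b"// edited copy\nfetch('https://EXAMPLEPOOL.invalid/job')\n",
                   "clean.js": b"console.log('hello');\n"}
        for rel, body in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(body)
        return sorted((os.path.basename(f["path"]), f["reasons"]) for f in scan_tree(root))

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each finding carries the path, size and modification time, which helps choose a restore point that predates the infection.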

Cryptomining software is one of the more challenging malware categories to deal with because there are so many varieties in existence. And, because the impact on an individual machine may be minimal, it is tempting to just ignore the problem. But, according to Malwarebytes, “unmanaged cryptocurrency miners could seriously disrupt business or infrastructure-critical processes by overloading systems to the point where they become unresponsive and shut down.” With comprehensive visibility into the data and metadata in your organization, you can more quickly identify and respond to cryptominers when you first suspect infection.