Ransomware hits have become infamous over the last couple of years. Major companies, even national services, have ground to a halt under the pressure of these vicious malware attacks. In 2017, what was described as a global cyberattack infected and affected devices in roughly 150 countries.
Ransomware cons you into opening an attachment or clicking on a link, perhaps by convincing you your bank has been hacked and you need to change your password now. It might also pose as internal emails from your own company, such as “install this update now” links. Once you click the link or open the attachment, you allow a nasty piece of malware to lock up your entire system, demanding immediate payment in return for you regaining control of your systems.
Ransomware = Downtime
Obviously, this is a nightmare for business owners. Having your entire system tied up for hours on end while you either clean your system and install a backup or figure out another way to fight the malware does nothing for your bottom line. When time is money, businesses simply can’t afford these delays. The criminals that distribute ransomware are well aware of this fact, and they count on panicked business owners to simply give them the money rather than risk losing valuable business hours.
There’s a new wave sweeping the criminal underworld, though, one that’s much more subtle and insidious than ransomware yet could potentially be as disruptive.
Cryptocurrencies have been on the rise for a while now. Bitcoin is the most well-known example, but there are lesser-known ones too. Some are very valuable, others not so much. You can buy cryptocoins just like any other type of money, but you can also earn tiny amounts of currency by processing the banking transactions of the digital coins. This is called “cryptomining,” and it’s perfectly legal. In fact, it’s absolutely necessary for the day-to-day running of any digital currency.
An honest cryptominer would have a dedicated computer set up with specialist software. However, a sneaky type of cryptominer has evolved, known as a cryptojacker. The cryptojacker doesn’t bother having their own setup for mining; they steal someone else’s. They use malware, again through links or hidden in attachments, just like the more well-known ransomware. But this time, there’s no obvious system lockup, and no demands for cash.
The malware sits quietly in the background of your device, whether that’s a phone, a tablet or your office computer. If your office computer is connected to a work server, the malware will usually spread throughout the entire server, infecting as many devices as possible. Why? Because each of these devices now uses as much of its processing power as possible to “mine” digital currency and send the rewards back to the cryptojacker. Cisco Talos estimated that an ambitious cryptojacker could make $100 million a year, based on the number of devices hackers could infect.
But is it illegal?
OK, so the cryptojackers aren’t stealing directly from your pocket. What they are stealing is your time, your resources and the processing power of your devices. Cell phones and tablets suddenly run out of battery in crucial meetings or when you are out on the road. Business critical files won’t upload due to the system being completely tied up. And yes, it is illegal to hack into someone else’s device, for any reason, even if the money the perpetrator takes doesn’t belong to the victim.
What can you do? A robust and modern cyber security plan is a must, so ensure you have an IT support team who are aware of the dangers. Don’t click on any links or attachments you aren’t expecting to receive, and if you are unsure, delete the email immediately. And if your system or cell phone suddenly starts slowing down, don’t ignore it. Get it checked out straight away.