How to Avoid Crypto Malware

The term Crypto Malware describes two types of attacks. One is a type of Ransomware, while the other is Cryptojacking. Both are widely used by hackers to exploit the victim and gain significant profit.

The Ransomware version of Crypto Malware, such as Cryptowall and Locky, encrypts files on a compromised computer and then asks for a ransom in exchange for the decryption key. According to data published by the US government, ransomware attacks are increasing on a daily basis, with almost 4000 attacks per day on average. Ransom payments amount to $1 billion each year. In addition to the financial losses victims incur from ransom payments, ransom viruses can cause losses of data and productivity that hurt business reputation and profitability.

Cryptojacking, on the other hand, is a type of digital crime in which a perpetrator uses the computer resources of a victim to mine for cryptocurrency. Cryptocurrency refers to digital or virtual coins or tokens that function as money. Approximately 3,000 types of cryptocurrency exist, with Bitcoin being the most popular. Cryptocurrency operates by using a distributed database known as a ‘blockchain’. In order to create new blocks (i.e., new coins), cryptocurrency users must use sophisticated computer resources to solve extremely complex mathematical problems. This is called “mining.” The first computer that solves the problem gets the new block (coin). A new problem is posted, and the mining operation begins again in search of the next coin. The hardware and software to mine for crypto-coins are expensive to buy, operate, and maintain. The average person doesn’t have the capital required to invest in the setup for legitimate crypto mining. Cryptojacking was invented to enable hackers to hijack other people’s computing resources for mining without the owners noticing.

The paradox of Crypto Malware is that Ransomware is designed specifically to get the victim’s attention as soon as possible so the hacker can collect the ransom. Cryptojacking, on the other hand, is designed specifically to go undetected by the owner for as long as possible so the hacker receives the maximum use from the unsuspecting victim’s computer. Crypto Malware attacks commonly originate from emails. The email recipient clicks on a link that takes them to the hacker’s forged website, or the victim downloads a malicious attachment supposedly containing a fax report, a shipping notice, an invoice, or an MS Word file. But the website or the file contains malicious code that infects the user’s computer and triggers either the Ransomware attack or the Cryptojacking undercover operation.

How Does Crypto Malware Work?

Ransomware

Crypto-Malware Ransomware can get into your system in multiple ways, but the most common way is by downloading it through a spam email attachment. The downloaded file then starts the ransomware attack that corrupts the system. Other ways ransomware can spread include social engineering, the downloading of an unauthorized file from an unknown source, and fake advertisements. Ransomware can also be transmitted via a USB drive and chat messages. Once the Ransomware code finds its way onto a computer, it immediately begins to encrypt files on the hard drive. If the Ransomware is network-savvy, it can branch out from the initial computer to the hard drive of every other computer and server on the network. Encrypting a file is not rocket science. Decrypting a file is also not hard, provided you have the decryption key. Without the key, the encrypted files are totally useless. The files caught in the encryption net may contain financial information, operating data, contact information, personally identifiable medical or other sensitive data, or even the very operating system itself. Crypto Malware can cripple your computer and the entire company.

Cryptojacking

Cryptojacking is often classified as a silent threat. It disguises itself as a legitimate program. In stealth mode, however, the seemingly innocent application embeds malicious code into programs and applications. As soon as the user uses the device, the code runs in the background and starts mining for currency, i.e., using the computer’s resources to run sophisticated and lengthy algorithms to solve the mathematical problem of the day and claim a coin. As the Cryptojacking algorithms consume more and more computing resources on the infected computer, the user sees slower response times until the computer becomes virtually useless, resulting in lost time and productivity. Further, if the compromised computer is already intended for cryptocurrency mining, the computing cycles the hacker is stealing from the owner diminish the owner’s ability to mine legitimately. A compromised advertisement or website is the more advanced method of spreading Cryptojacking malware. When the user visits a website infected with malware, a script automatically executes on their device. It is extremely difficult to defend against this type of attack because the malicious code is not stored on the user’s device; it lives on the server that the browser connects to.

A Look at Some Popular Malware Over the Years

Numerous Crypto Malware attacks have made their way onto users’ computers and smartphones in the past few years. Here are a few of the most notable Cryptojacking culprits:

PowerGhost

PowerGhost is a fileless crypto-mining tool, making it very difficult to detect and eliminate. The elusiveness of the malware enables criminal miners to use a network of computers for long periods of time. Hackers using PowerGhost are known to target corporate networks in Brazil, Turkey, Colombia, and India.

MinerGate

This Cryptojacking malware is known for its ability to stop operating when notified that the computer is in use. As soon as the mouse is moved, mining activities are paused to avoid being discovered.

Facexworm

This malware uses Facebook Messenger to attack users’ computers through an extension for Chrome. This malware originally targeted adware droppers. Rather than use the victim’s computer to mine for cryptocurrency, it compromises cryptocurrency exchanges to steal existing crypto-coins from their legitimate owners.

BadShell

This virus infects standard Windows OS processes, such as PowerShell. Once PowerShell is infected with BadShell code, the malware kicks off surreptitious crypto-mining processes through Task Scheduler. Registry entries are used to store the malware’s binary code. Antivirus software typically cannot detect BadShell because it hides inside Microsoft-signed files.
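A defender-side hunt for the two behaviours described above, scheduled tasks that launch PowerShell with stealth or registry-reading switches, and oversized registry values that could be holding a staged binary. This is an added example, not Trustifi’s code or part of the original post; it assumes Windows PowerShell 5.1 or later with the ScheduledTasks module, an elevated prompt, and the pattern list and 50 KB threshold are illustrative assumptions to tune for your environment.

```powershell
# Added example (not Trustifi's code). Assumes Windows PowerShell 5.1+, run elevated.
# Patterns below are assumptions: switches and cmdlets commonly seen when a task
# launches PowerShell quietly and pulls its payload out of the registry.
$SuspiciousPatterns = @(
    '-enc', '-EncodedCommand', 'FromBase64String',            # encoded payloads
    'Get-ItemProperty', 'HKLM:', 'HKCU:', 'reg query',          # payload staged in registry
    '-w hidden', '-WindowStyle Hidden', '-nop', '-NonInteractive' # stealth switches
)

# Enumerate every scheduled task whose action runs PowerShell with a flagged argument.
function Get-SuspiciousPowerShellTasks {
    param([string[]]$Patterns = $SuspiciousPatterns)
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $exe      = [string]$action.Execute     # empty for COM-handler actions
            $argument = [string]$action.Arguments
            if ($exe -notmatch 'powershell|pwsh') { continue }
            $hits = $Patterns | Where-Object { $argument -like "*$_*" }
            if ($hits) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    Author    = $task.Author
                    Execute   = $exe
                    Arguments = $argument
                    Matched   = ($hits -join ', ')
                }
            }
        }
    }
}

# Walk registry hives for values large enough to hold an executable or script blob.
function Get-LargeRegistryValues {
    param([string[]]$Keys = @('HKCU:\Software', 'HKLM:\SOFTWARE'), [int]$MinBytes = 50KB)
    foreach ($key in $Keys) {
        Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $k = $_
            foreach ($name in $k.GetValueNames()) {
                $v = $k.GetValue($name)
                $size = if ($v -is [byte[]]) { $v.Length } elseif ($v -is [string]) { $v.Length } else { 0 }
                if ($size -ge $MinBytes) {
                    [pscustomobject]@{ Key = $k.Name; Value = $name; Bytes = $size }
                }
            }
        }
    }
}

Get-SuspiciousPowerShellTasks | Format-List
Get-LargeRegistryValues | Format-Table -AutoSize
```

Treat every hit as a lead to verify, not a verdict: legitimate software also stores blobs in the registry and some management agents schedule hidden PowerShell tasks, so compare findings against a known-good baseline host.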

Tips To Avoid Crypto Malware

In recent years, Crypto-Malware attacks have become increasingly common, including both Ransomware attacks and Cryptojacking. Combined with the fact that they are nearly impossible to detect, defenses against them are virtually non-existent. The best offense against Crypto Malware is a stellar defense. In most cases, only the user’s responsible online behavior can protect against Crypto Malware. You must do everything possible to keep it out of your system, because once it’s in, it’s nearly impossible to remove. Here is what you need to know to avoid Crypto Malware:
  1. Keep the majority of infected emails out of your inbox by using a spam filter.
  2. Never download a suspicious file or click on suspicious links.
  3. Use two-factor authentication so that exploiters have a more difficult time getting into your system.
  4. Access only URLs that begin with HTTPS.
  5. Invest in cybersecurity software, which can detect and prevent a wide range of threats from gaining access to your devices.

Bottom Line

Despite the best efforts of your users and your security team, it is possible for unsuspecting users and traditional security measures to miss email containing Ransomware and Cryptojacking viruses. You need enhanced, multi-layered, AI-driven security to protect your users’ inboxes from modern, sophisticated attacks. Trustifi’s Inbound Shield solution uses the latest technology to detect and eliminate virus-carrying emails before they ever reach your employees’ inboxes. In the highly unlikely event of an infection, Trustifi offers an off-site secure cloud archive service that silently backs up encrypted copies of files, emails, and IM conversations. If files are damaged by Ransomware or any other problem, system administrators can restore the files quickly, thus reducing cost and damage. Even small businesses and startups need world-class protection from cybercriminals. Trustifi’s security solutions are designed specifically with the small business in mind, because small businesses are the most vulnerable and highly targeted victims. Contact a Trustifi security consultant today to learn how easily and affordably you can implement the premier security solution for your company’s systems.