The current information security landscape is dominated by cryptomining malware, otherwise known as cryptojacking. In 2019, 38% of all companies globally were affected by such malware.

According to some estimates, cryptomining software generated $100 million USD by 2018.

However, crypto-mining software is not the only type of crypto-malware (i.e., malware involving the use of cryptography).

We'll take a detailed look into the typology of crypto-malware, and discuss five of the biggest crypto-malware attacks. Plus, we'll provide some brief recommendations on how to protect against crypto-malware.

Typology of Crypto-Malware

Crypto-malware can be divided into three categories:

  • Crypto-mining malware
  • Crypto-ransomware
  • Crypto-stealing malware

Crypto-mining malware

Crypto-mining malware is malware that uses the processing power of an infected computer to mine cryptocurrency without authorization.

After infecting a computer, this type of malware may remain unnoticed for a long period of time as it is designed to use computer processing power without attracting attention.

One sign of infection with crypto-mining malware is slower-than-usual operation of the infected computer. In extreme cases, crypto-mining malware can bring the infected computer to a complete standstill by exhausting its resources.
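As an added illustration of the symptom just described (this is not code from the original article), here is a small detector that flags processes whose CPU share stays high across consecutive telemetry samples rather than merely spiking; the `Sample` records, the allowlist and the process names are constructed assumptions, not real telemetry.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    """One per-process CPU reading from a hypothetical endpoint telemetry feed."""
    ts: int          # seconds since collection started
    pid: int
    name: str
    cpu_pct: float   # share of total CPU the process consumed in this interval

# Processes that legitimately run hot for long stretches on this hypothetical host.
ALLOWLIST = {"backup-agent"}

def sustained_high_cpu(samples, threshold=80.0, min_seconds=300):
    """Return {pid: (name, seconds)} for processes whose CPU share stayed at or
    above `threshold` across consecutive samples spanning at least `min_seconds`.
    A short spike does not count: one sample below the threshold resets the streak."""
    by_pid = defaultdict(list)
    for s in sorted(samples, key=lambda s: s.ts):
        by_pid[s.pid].append(s)
    hits = {}
    for pid, series in by_pid.items():
        run_start = None
        for s in series:
            if s.cpu_pct < threshold:
                run_start = None          # streak broken: not sustained
                continue
            if run_start is None:
                run_start = s.ts
            if s.name not in ALLOWLIST and s.ts - run_start >= min_seconds:
                hits[pid] = (s.name, s.ts - run_start)
    return hits

def demo_samples():
    """Constructed telemetry: 11 readings 60 s apart for four processes."""
    samples = []
    for i in range(11):
        ts = i * 60
        samples.append(Sample(ts, 4242, "updater.exe", 95.0))                      # pinned throughout
        samples.append(Sample(ts, 1001, "chrome", 90.0 if i in (2, 3) else 10.0))  # brief spike only
        samples.append(Sample(ts, 77, "backup-agent", 99.0))                       # hot but allowlisted
        samples.append(Sample(ts, 5, "explorer", 3.0))                             # idle
    return samples

if __name__ == "__main__":
    for pid, (name, secs) in sustained_high_cpu(demo_samples()).items():
        print(f"pid {pid} ({name}) has held the CPU for {secs} s: investigate")
```

Only the process that stays pinned for the full window is reported; the brief browser spike and the allowlisted backup job are not.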

Crypto-mining malware may affect not only desktop computers, but also laptops, mobile phones, and Internet of Things (IoT) devices.

To illustrate the operation of crypto-mining malware, we will briefly discuss one particular example of such malware, namely WannaMine. Its purpose is to use the infected computer to mine the cryptocurrency Monero.

WannaMine relies on a hacking tool called EternalBlue.

EternalBlue was initially developed by the US National Security Agency (NSA), but it was later publicly released and has served as the basis for various malware applications, including the infamous WannaCry. The cryptocurrency generated through WannaMine is added to the digital wallet of the fraudsters.

It is estimated that more than 500 million Internet users are mining cryptocurrencies on their computing devices without being aware of it.

Crypto-ransomware

Crypto-ransomware is malware that encrypts the files stored on the infected computer and demands that the users of that computer pay a ransom in order to regain access to the encrypted files.

The ransom typically varies between $300 and $500 USD and needs to be paid in bitcoin or another cryptocurrency. Crypto-ransomware may cause substantial losses to the global economy. For example, the estimated losses caused by the crypto-ransomware WannaCry amount to $4 billion USD.

It affected approximately 230,000 computers all over the world, including computers of hospitals and telecommunication companies.

Two months before the appearance of WannaCry, Microsoft released a security patch that protected users of Microsoft Windows against WannaCry and other malware based on the EternalBlue exploit. However, since many individuals and organizations did not update their operating systems in time, WannaCry succeeded in infecting a large number of computers.

Once WannaCry infects a computer, it encrypts the files stored on that computer and demands a ransom between $300 and $600 USD.

However, most of the victims who paid the requested ransom did not get their files decrypted. Some researchers argue that no one succeeded in decrypting files encrypted by WannaCry.

Crypto-stealing malware

Crypto-stealing malware aims to secretly steal cryptocurrency from users of infected computers.

For example, the North Korean hacker group Lazarus used the messaging application Telegram to spread malware that allows the attackers to steal cryptocurrencies.

Crypto-stealing malware is often developed by North Korean hackers because cryptocurrencies allow North Koreans to evade the economic sanctions imposed by a number of countries and international organizations.

Kayla Izenman, a Research Analyst at RUSI's Centre for Financial Crime and Security Studies, stated in this regard: “Cryptocurrency exploitation is allowing North Korea to transact with the rest of the world in ways that aim to circumvent sanctions designed to curb its proliferation financing.”

According to a UN report from 2019, North Korea has generated more than $2 billion USD in cryptocurrency through hacks of cryptocurrency exchanges and other organizations.

Top 5 Crypto-malware Attacks

In this section, to illustrate the impact which crypto-malware attacks may have, we briefly discuss five of the biggest crypto-malware attacks:

  • Retadup
  • Smominru
  • CryptoLocker
  • Bayrob Group’s malware
  • WannaCry

Retadup

Retadup, a crypto-mining software, needs to be placed first in the list because it succeeded in creating a botnet of 850,000 infected computers.

The French police discovered and eliminated the botnet, which was regarded as one of the largest botnets in the world.

Smominru

The crypto-ransomware software Smominru takes second place because it affected more than 500,000 machines and generated more than $3 million USD in Monero.

CryptoLocker

The malware CryptoLocker takes the bronze medal, as it also affected more than 500,000 computers. However, the damage it caused is still unclear.

Bayrob Group’s malware

Bayrob Group’s malware, a crypto-mining software that affected more than 400,000 computers, takes fourth place. It is worth mentioning that two members of the group were extradited from Romania to the U.S. and sentenced for cybercrime and fraud.

WannaCry

The fifth place is taken by WannaCry, a crypto-ransomware which was discussed in more detail above.

It infected 230,000 computers.

How to Protect Against Crypto-malware

Individuals and organizations wishing to protect themselves against crypto-malware need to raise their information security awareness through education and training. This is because crypto-malware usually spreads by luring computer users into opening malicious attachments or visiting fraudulent websites.

In addition to raising awareness about crypto-malware, it is necessary to install software updates and patches regularly in order to prevent attackers from using exploits such as EternalBlue.

Last but not least, it is of utmost importance to install a reputable anti-malware solution that identifies and removes malware safely, quickly and effectively.

Final Thoughts

Crypto-malware is widely spread and exists in different forms. Its impact on organizations and the global economy as a whole can be tremendous.

Some malware applications can establish networks of infected machines (so-called botnets) with the capacity to unlawfully use the computing power of hundreds of thousands of computers.

Organizations wishing to avoid infection with crypto-malware need to take a combined approach based on both information security awareness and information security software.