If you don’t know that your computer or server is being cryptojacked, how will you find the malware and remove it?
Unlike other forms of malware, cryptojacking doesn’t seek to disrupt your business — at least not immediately. On the contrary, its goal is to steal your processing power so that hackers can mine cryptocurrency, which the malware can accomplish only by remaining hidden as long as possible.
In May, cryptojacking viruses took the top two spots on Check Point Software Technologies’ top 10 “most wanted” malware list. Cryptojacking’s widespread success means it won’t go away any time soon. Despite its ubiquity, you’re not helpless against it. Proper preventive methods and recognizing the symptoms can help you minimize any damage. And knowing how to remove it will get you up and running again ASAP.
Am I a Target?
The short answer? Yes. For other malware such as ransomware, the “profit” depends on whether the victims choose to pay a ransom to get their data back. Only a small percentage of those infected will pay the ransom.
With cryptojacking, every system that is compromised will produce profits — a 100 percent return for the hijackers. In effect, that makes everyone a target. A small business network with 30 to 40 computers and high-speed internet access, for example, is a perfect target.
How Do I Avoid Cryptojacking / Miner Malware?
Cryptocurrency mining malware might be a new breed of cyberattack, but like any other virus, it has to get into your system before it can cause damage. It can come through a seemingly legitimate email attachment, link, or supposedly innocent website download.
If you’re running antivirus and anti-phishing software, you already have at least some level of protection. One way to strengthen your defenses is to include cryptojacking malware awareness as part of your employees’ regular training sessions. The same safety and security measures you take for all other forms of malware should apply here, too.
According to Check Point’s list, nearly 40 percent of organizations in the world have already fallen victim, so learning the warning signs is just as important as prevention itself.
How Can I Spot It?
Cryptojacking has such a high profit margin because it’s designed to hide better than other common viruses or malware. For example, you’ll know right away if your system is infected by ransomware. The malware will encrypt your data until you pay the ransom to release it. If the goal is to steal data, the malware will become obvious sooner or later.
Instead, cryptocurrency miner malware’s prime directive is to work in the background, hidden. It will force processors to max out during a device’s downtime when no one is around to see or hear it.
You won’t see the malware operating, but you can sometimes spot the symptoms if you keep a close eye on your system’s performance. If one or all of your company’s PCs are running full throttle at 2 a.m., that’s a likely indicator that something malicious is forcing them to work.
After all that processing, the malware then has to send data back to its creator — another telltale sign to look out for. If your computers are communicating with servers in Russia or China but you do business only in the States, then it’s worth double-checking those devices’ downtime performance to find out whether they’ve been cryptojacked.
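As an added example (not part of the original article), here is one way to turn the two symptoms above into a check over telemetry: sustained full-throttle CPU while nobody is working, combined with traffic to countries you do no business with. The sample rows, field layout, host names and thresholds are all constructed assumptions; samples are assumed to arrive at a fixed interval.

```python
from collections import defaultdict
from datetime import datetime

# Constructed telemetry (not real data). Fields per row:
# host, local timestamp, CPU %, user active?, destination countries seen
SAMPLES = [
    ("pc-01", "2024-05-14T02:00", 97, False, {"US", "RU"}),
    ("pc-01", "2024-05-14T02:15", 98, False, {"RU"}),
    ("pc-01", "2024-05-14T02:30", 96, False, {"RU"}),
    ("pc-01", "2024-05-14T10:00", 22, True, {"US"}),
    ("pc-02", "2024-05-14T02:00", 4, False, {"US"}),
    ("pc-02", "2024-05-14T02:15", 95, False, {"US"}),  # lone spike, e.g. a scheduled scan
    ("pc-02", "2024-05-14T02:30", 5, False, {"US"}),
    ("pc-03", "2024-05-14T14:00", 99, True, {"US"}),   # busy, but someone is working
    ("pc-03", "2024-05-14T14:15", 97, True, {"US"}),
    ("pc-03", "2024-05-14T14:30", 98, True, {"US"}),
]

OFF_HOURS = range(0, 6)      # assumption: nobody works 00:00-05:59
CPU_THRESHOLD = 90           # assumption: percent treated as "full throttle"
MIN_CONSECUTIVE = 3          # assumption: load must persist for three samples
EXPECTED_COUNTRIES = {"US"}  # assumption: the business operates only in the US


def find_suspects(samples):
    """Return {host: {"streak": n, "unexpected_countries": set}} for hosts
    with sustained high CPU during off-hours while no user is active."""
    by_host = defaultdict(list)
    for host, ts, cpu, active, countries in samples:
        by_host[host].append((datetime.fromisoformat(ts), cpu, active, countries))

    suspects = {}
    for host, rows in by_host.items():
        rows.sort(key=lambda r: r[0])
        streak = longest = 0
        odd = set()
        for ts, cpu, active, countries in rows:
            hot_idle = cpu >= CPU_THRESHOLD and not active and ts.hour in OFF_HOURS
            streak = streak + 1 if hot_idle else 0  # a quiet sample resets the run
            longest = max(longest, streak)
            if hot_idle:
                # Only count destinations seen while the host was hot and idle.
                odd |= countries - EXPECTED_COUNTRIES
        if longest >= MIN_CONSECUTIVE:
            suspects[host] = {"streak": longest, "unexpected_countries": odd}
    return suspects


if __name__ == "__main__":
    for host, info in find_suspects(SAMPLES).items():
        print(host, info)
```

A flagged host is a lead for closer inspection, not proof of infection: overnight backups or patching can produce the same pattern, so tune the thresholds against your own baseline.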
Is My System Doomed?
Because cryptojacking malware is designed to hide, it automatically stops when someone starts working on the computer or device, but it will still have an impact on your business. Over time, the malware will wear down all of your devices’ processors, forcing you to replace costly systems and driving up your utility bills. Detection can allow you to purge the malware from your devices, sometimes without even needing to reset all of them.
As with any malware, you first have to find it to scrub it and move on. Working with a managed IT services provider can help you avoid having to reset. The team can run several advanced software scans to find every last trace of the malware on your system and strip its code. But if your system is severely infected, you might need to factory reset everything and start from scratch with your backup data.
You might not always be able to avoid a cryptojacking malware infection, but proper preventive measures and comprehensive system monitoring can help to prepare you if that crisis does arrive.
The Purple Guys can help prepare you and your company for any cryptojacking challenges that might lie ahead. Contact us for more information on how to protect your business from those viruses.