Image
Image
"The number of ways adversaries are delivering miners to end users is staggering. It is reminiscent of the explosion of ransomware we saw several years ago. This is indicative of a major shift in the types of payloads adversaries are trying to deliver. It helps show that the effectiveness of ransomware as a payload is limited. It will always be effective to ransom specific organizations or to use in targeted attacks, but as a payload to compromise random victims its reach definitely has limits. At some point the pool of potential victims becomes too small to generate the revenue expected."Although it is unlikely that any individual infected PC will generate significant amounts of money for cryptominers, when you have hundreds of thousands of hijacked PCs under the command of a botnet the profits to be made are considerable. Furthermore, a cryptomining attack has an arguably longer shelf-life than a ransomware attack. By its very nature, a traditional ransomware attack has to announce its presence to its victims in order to request a payment. Cryptominers, in contrast, want to draw as little attention to themselves in order to mine for as long as possible to generate the maximum income. In fact, the biggest clue that most users will have that their computers may be affected by a cryptominer is if they found the PC is slowing down, its battery running out at a quicker rate, or the fan blowing at full blast. Don't make the mistake of thinking that this is a victimless crime. If your computers get recruited into a cryptomining botnet like Smominru, it's your electricity and computer power that is being stolen. Keep your computers up-to-date with security patches, defended with layered security solutions, and your wits about you. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
