Attackers Revamp Old Ransomware for Cryptocurrency Malware

In another tale of malware types, cybercriminals are starting to repurpose old ransomware with new capacities to illegally mine or steal cryptocurrencies like Bitcoin and Monero.

Cybersecurity firms Fortinet and Kaspersky Lab as of late have seen occurrences in which cycles of ransomware are being outfitted with the capacity to steal Bitcoin or computer power to mine cryptocurrencies.

Kaspersky specialists have nitty gritty a refresh to the 5-year-old Trojan-Ransom.Win32.Rakhni malware family. Once installed on a victim’s computer, the malware scans through the checklist before choosing whether to install it ordinary ransomware or send a cryptominer that will empower it to siphon the power of the PC from the system.

Kaspersky researchers Egor Vasilenko and Orkhan Mamedov in a blog post wrote. “The decision to download the cryptor or the miner depends on the presence of the folder %AppData%\Bitcoin. If the folder exists, the downloader decides to download the cryptor. If the folder doesn’t exist and the machine has more than two logical processors, the miner will be downloaded. If there’s no folder and just one logical processor, the downloader jumps to its worm component.”

Also, Fortinet experts found the malware that depends on the Jigsaw ransomware first found in April 2013. The new ransomware strain currently likewise empowers attacker to take Bitcoin by changing the addresses of victims’ wallets to some of 10,000 existing Bitcoin addresses it has on the document and after that having the payment sent to accounts held by the criminals.

There have been different cases where techniques utilized in ransomware were repurposed for cryptocurrency mining. That incorporates malware that utilized the BlueEternal exploit that was the foundation for WannaCry ransomware attack in a crypto jacking and it was named WannaMine.

The creators behind the malware are hoping to exploit the money that can be procured through taking and mining cryptocurrencies. A year ago, due in a substantial part of WannaCry and other malware that took over its lead, ransomware was the most known attack in use. In any case, that began to change before the end of last year, and now a scope of cybersecurity vendors- including Check Point Software, Malwarebytes and McAfee- – have seen the quantity of crypto mining attack soar in the early part of 2018.

While ransomware is still growing, it’s a boisterous attack technique that requires the attackers to declare their presence and depends on others to act- – for this situation, make a payment. Cryptomining can keep running under the radar all the more effective, taking enough CPU cycles to play out the compute-intensive tasks of mining cryptocurrencies, but not enough to caution the victims that the malware is running on their system.

Cybercriminals are repurposing older ransomware to get cryptoming malware into the system, which bodes well, as per Eric Ogren, a security examiner with 451 Research. The delivery methods are the same–often by enticing users to open a malicious file or click on a link to a bad site–and then the malware is deployed.

How to Secure Yourself

Most malware is being spread through email attachment. Subsequently, the aphorism, don’t download the attachment or click on any links in messages from unknown senders, this is the first line of defense.

Moreover, purchasing anti-virus software and malware detecting software will alert users when they reach websites with embedded crypto miners as well as flag attachments that may contain malicious software. Adding a crypto mining blocker as an extension in your browser can be an additional mitigating course of action.

Staying away from non-kosher websites and not downloading unlicensed software are also advisable to avoid catching crypto stealing malware on your PC. To catch cryptomining, you should regularly monitor your CPU usage. If you are experiencing a spike in usage, you may have been infected with cryptocurrency mining malware.

Finally, you should upgrade your computer with all necessary upgrades as these will include patches for vulnerabilities that hackers may attempt to exploit.