While ransomware has made hackers’ happy times in 2017 (feel free to read our blog post about ransomware #Ransom…what? The Black Plague of Computers), 2018 has been (and probably will be) conducive to mass cryptojacking.
500 million users around the world could have been victims of this cyberthreat without even knowing it.
But what exactly is cryptojacking? What are its impacts? How to protect yourself to hedge against it effectively?
How does cryptojacking work?
Cryptojacking or “bitcoin mining malware” creates virtual currency by using users’ computers without their knowledge. This insidious method is now widely used because it is profitable and easy to set up for hackers and difficult to detect for users. To take advantage of it, you just have to add a few lines of script to the malware code of a website to get free cryptocurrency mining.
The boom of crypto-currencies especially with bitcoin, gave ideas to hackers to make easy money by using the equipment of other people. Indeed, to mine effectively virtual currencies, a great amount of power is needed. Mining involves solving complex mathematical calculations using machines in exchange for which the minor is remunerated in cryptocurrency. To do so, the use of several computers is necessary. Hackers “requisition” computers from a multitude of users to earn more virtual currency (and therefore real money by reselling it!).
It should be noted that cryptojacking is not only practiced by hackers or malicious people, but also by big websites, practicing it for additional income.
The impact of cryptojacking for users: is there a real danger for my IT security?
The first effect of cryptojacking for a user, and therefore the first harbinger of this type of cyber-threats, is the slowdown of the processor (CPU) of his computer, which is the speed of execution of the browser, programs and processes.
“Pirate Bay users had their CPU use 85% of their capacity whereas it should not use more than 10% normally. The Pirate Bay said it was a bug and that cryptojacking would normally use between 20% and 30% of the processor’s power. ” Journal du Net
The excessive use of the CPU will lead to an early aging of the computer and its premature obsolescence.
Finally, it should be noted that the more a processor uses its power, the more it consumes energy to operate. Logically, electricity consumption will increase for the trapped user and the bill too!
To summarize, there is no danger regarding the security of your data or your computers when it comes to cryptojacking, but just a use of your resources (CPU and electricity) without your consent and without your knowledge.
But then how to hedge against cryptojacking?
Currently, there is unfortunately no way for users to give their consent to the use of cryptojacking malware by websites. Moreover, these websites are not required to warn users of such a practice.
While waiting for an adapted law to this cyber-issue, it is appropriate for everyone to protect themselves from cryptojacking by their own means.
First question to ask yourself: how do I check if I am a victim of it? The first symptom to check is the use of the CPU in your task manager (in the “performance” tab of the manager). If the CPU usage increases even after closing all browsers, it’s probably a bad sign! As mentioned earlier, the unexplained rise in your consumption and bill electricity can also be an alert.
But how can you protect yourself from cryptojacking? At this time, the only possibility is to install an extension on the browsers that checks the codes that are running on your equipment. But you can also decide that it’s a way to pay for your favorite websites by avoiding unwanted ads and pop-ups!
Cryptojacking is now considered by many as the flagship cyber-threat of this year, taking ransomware first place, which, however, turns out to be far more dangerous to users because of the represented threat it constitutes on their data (loss of personal and professional data, but also great financial losses without being sure of their restitution). This phenomenon will be, without a doubt, discussed about for a little while considering the financial windfall it represents today for hackers or websites …