From ransomware to Web miners

November 15, 2017

No longer just the province of geeks, cryptocurrencies are starting to affect the lives of ordinary people much more than many ordinary people are inclined to think. Even if you don’t use cryptocurrencies yourself, you are not immune to some of the problems associated with them.


You may not know or care much about bitcoins, but one not-so-fine day, a stranger might force you to start using them. In fact, cryptocurrencies have made monetisation for malware creators easier than ever before.

Think back five years. Malicious blockers displayed unwanted images on victims’ screens, preventing access to their systems and files, and demanded ransom in the form of a paid SMS message sent to a premium phone number.

It was not smooth sailing for the attackers. Even if they were successful, the telecom company scooped up half of the money. Then, the premium phone numbers could be blocked, as could the money collected on corresponding accounts. Finally, perpetrators risked getting busted by the police when cashing out.

Cryptocurrencies were a game changer. Today, encrypting ransomware is the bane of users who don’t use good cybersecurity. This type of ransomware encrypts user data and demands a ransom payable in a cryptocurrency, and only after payment is made will the attacker (perhaps) send the decryption key to restore file access. Even those far from the world of cyberthreats have probably heard about WannaCry.

Although WannaCry was actually a wiper, it found notoriety as encrypting ransomware.

For attackers, cryptocurrencies must seem heaven-sent: no need to share the booty with anyone, no one to block their wallet, and, most important, no one to catch them while they’re cashing out. Bitcoin is not really anonymous, but an attacker can use alternative cryptocurrencies such as Monero or ZCash without fear of being tracked. This simplification of the monetisation process has led to an unprecedented spread of ransomware.

Malicious miners

Mining — reaping new cryptocoins by means of lengthy, complex calculations — is no less popular as a form of cybercrime. A Trojan miner, unlike a Trojan cryptor, does not encrypt anything; it simply starts secretly mining cryptocurrencies, using a victim’s computing power and electricity. Truth be told, this scenario is preferable to the previous one, and unprotected users may consider themselves lucky if their computers are merely used for covert mining, with no encrypting of valuable data.

Incidentally, over the first eight months of 2017, our products protected 1.65 million users from malicious miners, and we expect this figure to cross the 2 million mark by year’s end.

Web mining

Crafty developers began funding their projects by inserting miners in their software, but Pandora’s box opened wide when mining was implemented directly in the browser. After that, everything became even simpler — now users can be conscripted into a mining scheme just by visiting a website: the page makes the browser download a script, and that script makes their computer mine money.

This innovation is seriously restructuring money-making schemes online. Some websites have even elected to stop displaying banners, relying instead on mining on visitors’ computers. Instead of using CAPTCHAs just to filter out bots, it would be more profitable to make use of those bots for mining — who cares if a visitor is a real person or a bot if they mine equally well? It could even be profitable to let users watch new movies without charging them a fee, and just mine away in the background while the flick is playing.

It doesn’t stop there. After hacking a popular resource, there’s no need to bother exploiting vulnerabilities in visitors’ software and infecting them with malware; after all, everything still has to be monetised. It’s far easier, and more profitable, to upload a script to the hacked website that forces visitors’ computers to mine money straight into the hacker’s cryptowallet.

Cybercriminals are highly adept at switching to the latest, most lucrative method. So I’m calling it now: Next year is likely to be the year of malicious Web miners — that’s where the smart (and quick) money is for malware makers.