Cryptojacking is what we call it when cyber-criminals use your computer to mine Bitcoin or other cryptocurrencies. If you understand how Bitcoin and cryptomining work, that’s all you need to know. For everyone else, please read on…
You’ve probably heard of Bitcoin. Bitcoin is the most well-known example of a cryptocurrency (digital money) that is used for buying and selling things on the Web. Cryptocurrency is the preferred currency of cyber-criminals, mainly because it is international, doesn’t require a bank account and is completely anonymous. Criminals also use Bitcoin transactions as a method of money laundering for proceeds of other crimes that need not be digital in nature. In fact, about 97% of transactions on the infamous “dark web” are conducted using Bitcoin.
Cryptocurrencies like Bitcoin are created through a process called cryptomining. Essentially, high-powered computers need to solve very complex mathematical puzzles in order for new Bitcoin to be created. So, given that cyber-criminals know that they can literally make new money simply by putting computers to work, it makes sense that they would try to maximize their benefit, and minimize their cost, by using your computer instead of theirs. That’s where cryptojacking comes in.
Cryptomining takes up a lot of a computer’s processing power, as well as electricity. A computer that is cryptomining probably can’t do much else. Certainly, everything else will slow down and/or crash. So shady operators are always looking for ways to save their computing power by using yours.
Here’s how they do it:
- Company insiders: Someone working at a legitimate business, with high-level access to the company’s servers, can easily set up cryptojacking apps on those servers, for their own nefarious purposes, or on behalf of criminal organizations.
- Phishing: You’ve probably heard of phishing as a way that bad guys try to install malicious software on your computer or server. It involves sending an email to someone in the company, asking them to click a link or open an attachment. If you or your employees are not properly trained, you could inadvertently click and install cryptojacking software on your system. The software is usually very difficult to detect; often it’s discovered after months of systems performing slowly.
- Rogue websites: There are tens of thousands of websites around the world that pretend to contain information on a variety of topics, but are really just trying to lure you there so that the website can install cryptojacking software on your system.
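Because cryptomining keeps a processor busy for long stretches, the slowdown described above can be caught much sooner than "after months" by looking for processes whose CPU use stays high for hours. The following is an added example, not part of the original article: the telemetry rows, host names, process names and thresholds are all constructed for illustration, and a flagged process is only a candidate for review, since legitimate jobs can also run hot.

```python
from collections import defaultdict

# Constructed sample telemetry: (minute, host, process, cpu_percent), one row per 5 minutes.
SAMPLES = (
    [(m, "ws-01", "backup.exe", 95.0) for m in range(0, 15, 5)]       # short legitimate burst
    + [(m, "ws-01", "backup.exe", 2.0) for m in range(15, 120, 5)]
    + [(m, "srv-02", "helper.exe", 91.0) for m in range(0, 120, 5)]   # pinned for two hours
    + [(m, "ws-03", "render.exe", 88.0) for m in range(0, 40, 5)]
    + [(m, "ws-03", "render.exe", 88.0) for m in range(90, 120, 5)]   # gap: two separate runs
)


def sustained_cpu(samples, threshold=80.0, min_minutes=60, max_gap=10):
    """Return (host, process, start, end) for every run in which CPU stayed at or
    above `threshold` for at least `min_minutes`, with no gap between consecutive
    samples larger than `max_gap` minutes."""
    series = defaultdict(list)
    for minute, host, proc, cpu in samples:
        series[(host, proc)].append((minute, cpu))

    findings = []
    for (host, proc), points in sorted(series.items()):
        points.sort()
        start = prev = None
        for minute, cpu in points + [(None, 0.0)]:    # sentinel closes the last run
            busy = minute is not None and cpu >= threshold
            contiguous = busy and prev is not None and minute - prev <= max_gap
            if start is not None and not contiguous:
                # The run ended (idle sample, missing data, or end of series).
                if prev - start >= min_minutes:
                    findings.append((host, proc, start, prev))
                start = None
            if busy:
                if start is None:
                    start = minute
                prev = minute
            else:
                prev = None
    return findings


if __name__ == "__main__":
    for host, proc, start, end in sustained_cpu(SAMPLES):
        print(f"{host}: {proc} at or above threshold from minute {start} to {end}")
```

Missing samples end a run on purpose, so a machine that was switched off or stopped reporting is never counted as having been busy the whole time.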
Don’t get jacked – protect your business from cryptojackers
There are three important things your organization can do to protect itself from cryptojacking:
- Implement an effective firewall and security protocols to prevent phishing emails from getting through to you and your employees, and block access to websites that are known to or suspected of containing malicious code.
- Because no firewall is perfect, train your employees not to click on any link or attachment in an email unless they can verify 100% that it is from a trusted source. (Phishing emails often look like they are from someone you know.)
- Talk to a broker about purchasing cyber insurance. This will cover losses you might experience from system downtime if you fall victim to cryptojacking, and any liability related to your systems being used for illegal activities.