Cryptojacking is on its way to becoming a more common cybersecurity risk than ransomware.  If you haven’t heard of it, here’s what you need to know about protecting your business from cryptojacking.

What is Cryptojacking?

Cryptojacking is short for “cryptocurrency hijacking.”  Cryptocurrencies (like bitcoin or Monero) are digital currencies that exist on a blockchain.  A blockchain is an encrypted digital ledger that securely keeps track of the order of transactions between computers.

Simply put, cryptojacking is stealing computing power from someone else’s device to create, or “mine”, cryptocurrency. The power can come from a computer, smartphone or tablet. Unlike malware or ransomware, cryptojackers steal power, not data.

The con involves infecting websites, then stealing computational power from an unsuspecting website visitor’s computer.  Why steal power?  Mining cryptocurrency takes vast amounts of computing power, which can be expensive to generate.

To mine a cryptocurrency, a computer solves extremely complex mathematical puzzles to produce a piece of data. This data makes a new unit of a given cryptocurrency. The mining process is difficult and energy-intensive to ensure these data sets are scarce enough to serve as a currency.  Think about it - if it's easy to mine a bitcoin, the coin would have no value.

Here’s some perspective on the amount of energy cryptomining requires. The Bitcoin Energy Consumption Index reports that bitcoin uses about 32 terawatts of energy every year.  This is enough to power about three million U.S. households.  By comparison, processing the billions of Visa transactions that take place each year consumes the same amount of power as just 50,000 American homes, according to Digiconomist.

Stealing processing power is cheaper than running expensive server farms.  It’s easier than installing malware to steal and sell corporate data.  And, it often goes unnoticed by the victim.

What Happens to Your Computer or Device

If you visit a cryptojacked website, you may not even know it.  If the cryptojacker is cranking power for too long, the fan on your computer may start whirring, your computer may actually get hot to the touch, and your keyboard may slow down.  That’s because of the excessive processing power being generated by the cryptojacking.

The good news is once you close out of that website you should be fine.  The bad news is the excessive power consumption has added wear and tear on your machine.  (Sort of like if a valet driver takes your car for a wild ride – it runs ok when you get it back, but there’s extra mileage and you’re not sure where it’s been.)

Can Cryptomining be Legitimate?

Sometimes. For example, Coinhive is an in-browser miner that is used to mine Monero, which is not as valuable as bitcoin but easy to mine on a personal computer.

Coinhive released its mining code last summer, pitching it as a way for website owners to earn an income without running intrusive or annoying advertisements. Websites that use it legitimately will ask for your permission in exchange for seeing fewer ads.

Unfortunately, Coinhive’s code has emerged as the top malware threat tracked by multiple security firms. That’s because much of the time the code is installed on hacked websites — without the site owner’s knowledge or permission.

What You Can do to Protect from Cryptojacking

  1. Keep your anti-virus and anti-malware current. A managed IT services provider will constantly and proactively update these services to help prevent intrusions.
  2. Keep Windows software patched and apply OS updates to mobile devices as soon as they’re released.
  3. Be careful online. Ask your IT provider about web filtering and DNS blocking tools to help protect you from clicking on known unsafe websites.

If you’d like to know more about how CRU Solutions can help protect your business from cryptojacking and other cyber threats, contact us.