Ransomware rewritten to destroy files and mine cryptocurrency

Cybercriminals seem to be shifting away from ransomware and toward mining cryptocurrency instead. They have repurposed file-encrypting malware into something that now hijacks computers for mining purposes. According to some sources, the code conversion doesn’t appear to have gone smoothly, because the coinminer is also a file infector that prevents applications from working and destroys files. The malware is also capable of destroying critical system files, which can render the system unusable if the infection spreads too far. This activity isn’t subtle and would likely alert the user that something is going wrong with their computer, which is something those operating mining malware try to avoid in order to make a profit while remaining undetected.

Researchers have uncovered two variants of the cryptocurrency-mining infection. Both use a Coinhive injection, both infect .exe, .com, .scr and .pif files, and both disable the Windows User Account Control notification. Trend Micro has been following this activity and has determined that the ransomware code is morphing into this new form of mining. “It seems like the ransomware code was repurposed, adding new capabilities to make it a more destructive cryptocurrency miner,” wrote Trend Micro’s Don Ladores and Angelo Deveraturda. “The malware also uses huge resources because it stacks infections, which unnecessarily takes up more disk space. Since it is also a cryptocurrency miner, it uses the device’s memory resources,” said researchers.

As a part of security and firewall monitoring, TTJ has been seeing this attempt snag about one client per day, about five times per day (as shown from our T-Care Dashboard graphic today). These are being blocked with our SonicWALL Next Generation Firewalls with Gateway Antivirus. I say “snag” because in all cases users inadvertently invited the infection into the network. There is a HUGE risk of your computers getting this infection without a Next Generation firewall. Computer antivirus software typically cannot react fast enough before files are infected. Such is the success of mining malware that it has become as lucrative as ransomware for attackers. Although ransomware isn’t as popular as it was last year, it still remains a threat to home users and businesses.
