The well-known cybersecurity company McAfee released its threat report for August 2019, and it does not look good for the reputation of the crypto ecosystem, as it shows a significant increase in cryptojacking campaigns and ransomware attacks. It is astonishing that not just Windows but even Apple OS has been the target of these cyber attacks.
The report revealed that, in addition to the rise in ransomware, cryptojacking has also been climbing, with a 29% increase in cryptojacking campaigns in Q1 2019. Cryptojacking involves remotely and secretly installing crypto mining software onto computers in order to mine for cryptocurrency.
One cryptojacking campaign that was discovered by McAfee was PsMiner, which targeted the cryptocurrency Monero (XMR) on Windows machines. The report revealed that PsMiner used a PowerShell command to deploy its payload, which has turned out to be a bit of a norm when it comes to cryptojacking Windows computers.
It’s not just Windows computers that are being threatened by the menace of cryptojacking; even Apple computers have been affected. McAfee Labs uncovered a malware family that has its target set on Apple users, which is called CookieMiner. The malware mines the cryptocurrency Koto, a zero-knowledge proof crypto from Japan.
Only earlier this week, reports highlighted a Monero cryptojacking virus that successfully managed to hack 850,000 servers, mostly in Latin America. French authorities, however, did shut down the main server.
Furthermore, the cryptojacker also steals personal information of users, which it does by intercepting major crypto services, like cryptocurrency exchanges and crypto wallets such as Binance, Bitstamp, Bittrex, Coinbase, MyEtherWallet and Poloniex, per the report.
Furthermore, in addition to cryptojacking, the threat report posted on the McAfee Labs website shows that ransomware attacks grew by a whopping 118%, and that is only in the first quarter of 2018. In addition to that, investigative research and threat trend statistics show that new ransomware was also detected, which employed sophisticated attack techniques; however, it was still very much dependent on human interaction and social engineering.
The report revealed that there was a decline in the volume of unique ransomware families in the last quarter of 2018; however, Q1 of 2019 has seen the emergence of several new ransomware families that are employing advanced tactics and innovative techniques to target businesses.
Ransomware in general is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access. McAfee’s research singled out the top 3 ransomware families, based on volume, that have been the most active.
The report explains that the Dharma ransomware is known for attaching numerous extensions to infected files. It is apparently a variant of CrySiS and has been actively targeting different systems since 2016. The most alarming part is that the culprits behind Dharma continue to release new malicious variants, which are not decryptable.
The GandCrab ransomware makes use of the Advanced Encryption Standard (AES) and drops a file on the infected system that goes by the name of “GandCrab.exe”. The malicious software, which is delivered to the unsuspecting target via the RIG exploit kit, then adds “.GDCB” to encrypted files. According to Trend Micro, an exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page.
Ryuk became famous early in the first quarter, when its outbreak made newspaper headlines in the United States, which forced McAfee to probe into this ransomware family. After thorough investigation, the research deduced that the Ryuk attacks might not necessarily be backed by a nation-state, but rather share the characteristics of a cybercrime operation.
These ransomware families barely scratch the surface, as the research report has managed to uncover numerous other malicious ransomware families that have terrorized systems in 2019 so far.
Let’s see if the rest of the year is any better for the security of the crypto ecosystem in general.