Is Cryptocurrency-Mining Malware Due for a Comeback?

Data Breach Today

If Ransomware Should Decline as a Viable Criminal Business Model, What Comes Next? The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history.


Government Websites Deliver Cryptocurrency Mining Code

Data Breach Today

Security of Code Pushed by Content Delivery Networks Remains Ongoing Concern. More than 4,200 websites, some belonging to the U.S., [...] and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware


UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. The mining program is composed of The malware was designed to abuse NAS resources and mine cryptocurrency.


Cryptojacking: Hackers Mining Bitcoin on Your Dime!


When cryptojacking, criminal hackers use enterprise computers to mine cryptocurrencies like bitcoin without the organization’s knowledge or consent, escaping the upfront costs of buying computers or computer processing power for the job. Cryptojacking has already replaced ransomware as the No. 1 threat facing enterprises; cryptojacking is more profitable and requires less effort and risk than ransomware, according to ITProPortal and Forbes.

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

Related: Why cryptojacking is more insidious than ransomware. On the face, the damage caused by cryptojacking may appear to be mostly limited to consumers and website publishers who are getting their computing resources diverted to mining fresh units of Monero, Ethereum and Bytecoin on behalf of leeching attackers. However, closer inspection reveals how cryptojacking morphed out of the ransomware plague of 2015 and 2016. You can mine them, if you have a powerful CPU.


Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores. Arsene: It’s important to understand that crypto mining may seem benign.


Cryptojacking Displaces Ransomware as Top Malware Threat

Data Breach Today

Criminals' Quest for Cryptocurrency Continues. If 2017 was the year of ransomware innovation, 2018 is well on its way to being known as the year of cryptocurrency mining malware. But while ransomware campaigns may be down, they're far from out. Numerous studies have found that the most seen malware attacks today are designed for cryptojacking.


EVRAZ operations in North America disrupted by Ryuk ransomware

Security Affairs

Computer systems at EVRAZ, a multinational vertically integrated steel making and mining company, have been hit by Ryuk ransomware. EVRAZ is one of the world’s largest multinational vertically integrated steel making and mining companies with headquarters in London.

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected. “Two sources tell us that the ransomware involved is none other than Ryuk.” In March, the City of Durham shut down its network after Ryuk Ransomware attack.

Ransomware operators target CVE-2020-14882 WebLogic flaw

Security Affairs

At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. The expert spotted a small number of scans starting on October 30 attempting to install crypto-mining tools.

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

Office furniture company Steelcase was hit by a Ryuk ransomware attack that forced it to shut down its network to prevent the malware from spreading. The company is not aware of data loss caused by the ransomware attack.

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. The malware was designed to abuse NAS resources and mine cryptocurrency.

Old Malware Gives Criminals Tricky New Choice: Ransomware or Mining


The Rakhni Trojan is now giving bad actors the ability to infect victims either with a ransomware cryptor or a miner.

The City of Durham shut down its network after Ryuk Ransomware attack

Security Affairs

The City of Durham, North Carolina, was the latest victim of the infamous Ryuk ransomware that infected its systems. The City of Durham, North Carolina, was forced to shut down its network after its systems were infected with the Ryuk Ransomware during the weekend.

XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins


A newly discovered malware has different capabilities for Windows and Linux systems, including ransomware and cryptomining.

Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS. and Italy hosting Android and cryptocurrency mining malware.”

Obama-Themed Ransomware Also Mines for Monero

Data Breach Today

More Proof Cryptojacking Is Thriving: Crypto-Locking Malware Doubles as Miner. Ransomware creators, having already created "themes" for their crypto-locking malware ranging from Pokemon and horror movies to princesses and Donald Trump, have now debuted "Barack Obama" ransomware. In a sign of the times, the ransomware doubles as a monero cryptocurrency miner.


Cryptomining DreamBus botnet targets Linux servers

Security Affairs

“These particular applications are targeted because they often run on systems that have powerful underlying hardware with significant amounts of memory and powerful CPUs—all of which allow threat actors to maximize their ability to monetize these resources through mining cryptocurrency.”


The Long Run of Shade Ransomware

Security Affairs

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms.

Ransomware attacks drop as organizations raise defenses

Information Management Resources

Cybersecurity professionals reporting that cryptocurrency mining is on the rise.

Crypto Miners May Be the ‘New Payload of Choice’ for Attackers


Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware.

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and Miner capabilities. The second stage drops and executes three additional modules: a backdoor, a Miner and finally a quite known Ransomware. According to pcrisk, the first downloaded module (327B0EF4.exe) looks like a well-known Troldesh Ransomware. Why the implant installs a “miner” and a “ransomware” as well

Weekly podcast: Australian Cabinet Files, Matt Hancock MP’s app and Monero mining

IT Governance

Finally, have we reached ‘peak ransomware’? After all, why lock users’ machines and demand a ransom that they might not even pay when you can just infect their machine with software that mines for cryptocurrency without their knowledge? Wait a moment – cryptocurrency mining? Let’s just say mining entails solving complex mathematical calculations for a cryptocurrency reward and it requires a lot of processing power because it’s complicated.

NortonLifeLock Criticized for New Cryptomining Feature

Dark Reading

While the crypto crowd applauds the move, critics worry about the environmental impact, supporting a currency used for ransomware, and mining further slowing down systems

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. But with no orderly internal framework, unstructured data defies data mining tools. Gartner analysts estimate that over 80 percent of enterprise data is unstructured and is growing up to 65 percent a year, enticing cyber criminals to mine the mother lode. Ransomware “is encrypting files, unstructured data.”

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1 2019, detected and analyzed by Group-IB’s Computer Emergency Response Team (CERT-GIB), with Troldesh aka Shade being the most popular tool among cybercriminals.

Malware Leveraging PowerShell Grew 432% in 2017

Dark Reading

Cryptocurrency mining and ransomware were other major threats

Ransomware, Leakware, Scareware… Oh My!

Thales Cloud Protection & Licensing

Because the never-ending battle against the evil forces of the dark web continues with regard to ransomware and its ghoulish close cousins – leakware and scareware. Actors on the dark web, hiding behind their dark masks of anonymity, continue to brew their devilish ransomware potions. Not every ransomware potion is alike and the recovery from the electronic equivalent of a slash-and-gash malware attack can vary, depending on exactly how an attack decomposes.

Alleged GandCrab Distributor Arrested in Belarus

Data Breach Today

Authorities Allege He Also Distributed Cryptocurrency Mining Malware. A 31-year-old man who allegedly distributed versions of the GandCrab ransomware to target users has been arrested in Belarus for possession and distribution of malware, according to the country's Ministry of Internal Affairs.


Kaspersky Deems Crypto-jacking the New Ransomware as Crypto-miners up Their Game

The Security Ledger

Because of its potential to earn hackers millions in a steady stream of cash, Kaspersky Labs has deemed crypto-jacking the new ransomware in a report that arrived just as researchers spotted two new types of malware targeting the growing popularity of cryptocurrencies. In its report released last Wednesday, Kaspersky declared that crypto-mining.

Malware Moves: Attackers Retool for Cryptocurrency Theft

Data Breach Today

New and Repurposed Attack Code Steals Passwords, Drops Miners and Ransomware. Cybercrime gangs continue to update or issue fresh versions of malware to mine for cryptocurrency, deliver crypto-locking ransomware, steal passwords and facilitate online bank account heists, according to new research reports.


North Korean Hacking Infrastructure Tied to Magecart Hits

Data Breach Today

Hidden Cobra Stealing E-Commerce Payment Card Data, Security Firm Sansec Reports. Hackers with apparent ties to North Korea have extended their bag of online attack tricks beyond cryptocurrency mining, online bank heists and ransomware.


Zyxel Fixes 0day in Network Storage Devices

Krebs on Security

Patch comes amid active exploitation by ransomware gangs. “In some cases, it is possible to exchange your 0day with my existing 0day, or sell mine,” his Russian-language profile reads.


New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. “Xbash has ransomware and coinmining capabilities.”

Security Affairs newsletter Round 305

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived!

Security Affairs newsletter Round 308

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived!

Security Affairs newsletter Round 326

Security Affairs

ransomware gang BlackMatter ransomware also targets VMware ESXi servers Conti ransomware affiliate leaked gang’s training material and tools Conti Leak Indicators – What to block, in your SOC…. A new round of the weekly SecurityAffairs newsletter arrived!

Report: Small, Stealthy Groups Behind Worst Cybercrimes

The Security Ledger

Still, low-level criminal activity on the dark web still poses the most widespread and immediate security threat, with cryptocurrency mining, ransomware and malware all on the rise, a recent report has found.

LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk

eSecurity Planet

“Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.”


Security Affairs newsletter Round 312

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.