Crime and crypto: An evolution in cyber threats
Criminals are always looking for ways to extort money from victims. The emergence of cryptocurrency—and how criminals us it—has changed the threat landscape and how we deal with cyberattacks.
An early form of what we know as ransomware came in 2012 with the FBI MoneyPak Virus. Like the typical ransomware attack, the victim would be locked out of their computer and only gain access after they pay a ransom to the criminal. Payment was made in the form of a gift card, like Ukash and MoneyPak.
While scams using Ukash and MoneyPak were wreaking havoc, a popular anonymous marketplace called Silk Road had been successfully experimenting with a new form of payment—Bitcoin.
Silk Road was an underground black market that operated on the dark web that made illegal goods available while letting the buyer stay anonymous. Silk Road thrived and proved that Bitcoin was a viable alternative to traditional currency. In 2013, the FBI seized Silk Road and arrested the founder, causing the price of Bitcoin to tank.
Around this time, the first variants of cryptolockers were showing up. They were an instant hit among criminals and soon ransomware was spreading across the world. And with it came the return of Bitcoin. Many early versions of cryptolockers accepted Ukash and MoneyPak, but gave a discount to Bitcoin. This made the cryptocurrency the preferred form of payment for criminals. However, Bitcoin’s ledger system was public. This meant that addresses had been linked to criminal campaigns, leading to some criminals eventually being caught.
This made criminals look for a new form of cryptocurrency. Enter Monero. Monero might not be as mainstream as Bitcoin, but it’s popular among criminals. This is because Monero operates on a private ledger that hides the origin and amount of transactions from the public eye. Criminals can freely send their Monero to any address without it being flagged and cash it out without a problem.
Another attractive characteristic of Monero is that it can be profitably mined using a consumer-grade CPU inside a personal computer, as opposed to specialized mining hardware needed to mine Bitcoin. This sparked another trend among criminals—cryptojacking.
Cryptojacking is when a script is run in the background of a website and use the visitor’s CPU to mine for cryptocurrency. This has allowed criminals to generate money from victims without delivering malware to the victim’s systems. However, this isn’t free money. Users pay the price through CPU and energy usage.
The first mining script was released in September 2017 by CoinHive. They claim cryptocurrency mining is an ad-free way for website owners to generate income to pay their operating costs, but it’s clear criminals are abusing the tool at the victims’ expense. Since CoinHive receives a 30% commission on mining profits, they may not be too concerned with how the scripts are being used—or abused. All a criminal has to do is inject a few lines of code into a domain they don’t own and wait for victims to visit the webpage.
The amount of labor and illegal footprint is minimal compared with a ransomware attack. This is what has driven cryptojacking to become the threat that it is today.
Tyler Moffitt, senior threat research analyst, Webroot, stays deeply immersed within the world of malware and anti-malware. He is focused on improving the customer experience through his work directly with malware samples, creating anti-malware intelligence, writing blogs, and testing in-house tools.
ConnectWise has an ever-evolving ecosystem that extends from the roots of our core platform. Our ecosystem consists of 160+ solutions you can purchase through us plus even more integrations available in our Marketplace. Learn how you can connect into the ecosystem in your own unique way.