What is Cryptojacking?
Cryptocurrency is not dead -- in fact, its market size is projected to grow to more than $1billion by 2026. And while server farms and DIY home cryptocurrency mining is definitely still happening, there are ways of making just as much (if not more) profit without investing in infrastructure. And cybercriminals know it.
Cryptojacking -- the process of illegally mining for cryptocurrencies unbeknownst to the individuals or organizations that own them, rose 28% in 2020 from the previous year, with 81.9 million attempts. And according to Threatpost, in February of 2021, a cryptocurrency mining malware called WatchDog slipped under the radar and was running on at least 476 Windows and Linux devices for more than two years. Researchers called it one of the largest and longest-lasting cryptojacking attacks of its kind to date.
There are three common methods of cryptojacking that IT teams need to be aware of:
In many instances of cryptojacking, the victims are completely unaware that their systems are being exploited. But the damage can be severe: Cryptojacking impairs computing performance, shortens the lifespan of devices, causes irreparable hardware damage, and sends energy bills through the roof. To avoid the negative impact of cryptojacking, IT departments must find ways to identify threats and stop them from being successful.
Lansweeper Reports To Help You Detect Cryptojackers
Regardless of which method cryptojackers use to commit their crimes, processing power is required. So, it's possible to watch for a sharp increase in CPU usage, then investigate to see if cryptojacking software is the culprit. To give you better ways to detect possible cryptojacking software in your network, we've created a couple of specialized reports you can use:
While monitoring all your computer's CPU usage indefinitely is probably overkill, we have created a special report to provide you with multiple CPU usage metrics that help identify if and when your CPU utilization has spiked over the past two weeks.
If the cryptojacker is hidden in a Chrome extension, you can use our chrome extension report to check if any other computers in your network also have the same extension installed. In the case of the FaceXWorm cryptojacker, we've created a report with the known Chrome extension IDs, so you can do a preliminary sweep.
While this report won't flag suspicious processes for you, it does give you the option to look through the processes on a specific computer if you have a suspicion.
Some cryptojackers will leave behind files in your Windows folder or other directories. If you have knowledge of a specific file that indicates the presence of a cryptojacker, file scanning can help you check the rest of your environment.
Similar to file scanning, there are cryptojackers that leave registry keys. With registry scanning, you can check if those keys are also present on other devices in your environment.
The success of cryptojacking is dependent on evading detection for as long as possible. With these new Lansweeper reports, detecting cryptojackers in your IT environment will be easier and much more effective. Learn more on Lansweeper reporting capabilities, or visit our report library to browse through all of our existing reports.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved
