The Adverse Impacts of ‘Wannamine’ Cryptojacking Malware
Despite the sharp fall in the value of most digital currencies since the beginning of the year, cryptojacking remains a significant threat to crypto investors. Cryptojacking is the act of stealing computational processing power to mine virtual currencies.
Last year, the American National Security Agency (NSA) fell victim to a cyber-attack that resulted in the theft and online disclosure of classified computer exploits. Since then, individuals around the world have been trying to leverage the information contained in these exploits for personal gain. Among the most notable of the NSA exploits was EternalBlue, a tool that can remotely access any computer running the Windows operating system, regardless of its location.
As expected, hackers capitalized on the leak and started using EternalBlue to conduct ransomware attacks on individuals, groups and corporate institutions across the globe. Specifically, the attackers deployed EternalBlue alongside WannaCry and NotPetya to facilitate the rapid distribution of the malware. The effects were devastating, as the software spread to all computers on a network once a single node was infected. As a result, Microsoft, the developer of the Windows OS, released a security update to address the issue. Although many users installed this update, over a million computers are still exposed, according to Shodan, a specialized search engine.
Nevertheless, even though many computers remain vulnerable, hackers have turned to alternative methods of extorting users. They still depend on EternalBlue to gain access to targeted computers. Instead of deploying ransomware, however, hackers currently favor cryptojacking, which, as mentioned earlier, involves stealing processing power to mine cryptocurrencies.
Without divulging details, Cybereason, an American cybersecurity company, stated that one of its clients was recently breached by a cryptojacking attack known as ‘Wannamine.’ Wannamine reportedly spread rapidly to over 1,000 computers in the unnamed client's network. According to Amit Serper, an employee of Cybereason, Wannamine penetrates computers through an unpatched SMB service and gains code execution with administrator privileges, which enables it to propagate across a network. From there, the malware strengthens its persistence and develops arbitrary code execution abilities on as many nodes as possible throughout the affected network.