Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves?

That way you don’t have to rely on a human victim buying some Bitcoin, and nervously making their way onto the dark web to make their ransom payment.

According to security researchers at Proofpoint, that’s exactly the reasoning shown by online criminals who are moving from regular ransomware to cryptomining.

A Monero-mining botnet called Smominru is said to have infected 526,000 Windows PCs since May 2017 – mostly in Russia, India, and Taiwan – and is earning millions of dollars for its operators.

How has Sominru managed to hijack so many computers into secretly mining cryptocurrency? Through use of the notorious EternalBlue exploit (CVE-2017-0144), stolen from the National Security Agency (NSA) by the ShadowBrokers hacking group, and then most famously put to work by the hard-hitting WannaCry ransomware.

Smominru isn’t the only threat. As researchers at Talos report, cryptomining may be taking over from ransomware as weapon of choice for cybercriminals:

“The number of ways adversaries are delivering miners to end users is staggering. It is reminiscent of the explosion of ransomware we saw several years ago. This is indicative of a major shift in the types of payloads adversaries are trying to deliver. It helps show that the effectiveness of ransomware as a payload is limited. It will always be effective to ransom specific organizations or to use in targeted attacks, but as a payload to compromise random victims its reach definitely has limits. At some point the pool of potential victims becomes too small to generate the revenue expected.”

Although it is unlikely that any individual infected PC will generate significant (Read more...)