Article

Crypto-Mining Malware May Be a Bigger Threat tha Ransomware

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,132 viewsSign in to rate
Cryptocurrencies such as Bitcoin and Ethereum have gone mainstream; it seems like everybody and their brother is looking to buy some crypto and get their piece of the digital currency gold rush. Hackers want a piece of it, too. In addition to hacking ICO’s and cryptocurrency exchanges, they’re using crypto-mining malware to “mine” their own “coins.” Crypto-mining malware isn’t new; last summer, this blog reported on a crypto-mining malware called Adylkuzz that came to light in the wake of the WannaCry attacks. Adylkuzz took advantage of the same Windows exploit as WannaCry. In fact, it acted as a sort of “vaccine” against the ransomware, preventing it from taking root in Adylkuzz-infected computers lest it interfere with its Monero-mining operations. However, Adylkuzz wasn’t a kinder, gentler malware. While it didn’t directly lock down systems or access data, it did hijack infected machines’ processing power, and it proved to be far more lucrative tha WannaCry; it’s estimated that Adylkuzz raked in 10 times more money for its users tha WannaCry. At first, rogue crypto-miners were viewed as an annoyance; the most they did was slow down machines and perhaps cause problems accessing certain network folders. They were also seen as more of a threat to consumers than businesses. Many variants went after IoT devices, such as smartphones, overwhelming their processors to the point where the devices could be damaged or even destroyed. However, as crypto-mining malware has evolved, it has become more sophisticated, and hackers are looking to harvest enterprise processing power. Move Over, WannaCry; Here Comes WannaMine Recently, Dark Reading reported on yet another exploit of the Ete al Blue tool stolen from the NSA, a crypto-mining malware variant dubbed WannaMine. WannaMine doesn’t attack smartphones and other small IoT devices; it goes after Windows computers, and isn’t just slowing systems down. Security firm CrowdStrike reports having seen it cause “applications and hardware to crash, causing operational disruptions lasting days and sometimes even weeks.” A report in Security Week elaborates on how WannaMine appears to be designed to specifically target enterprise networks: WannaMine, the security researchers explain, employs “living off the land” techniques for persistence, such as Windows Management Instrumentation (WMI) permanent event subscriptions. The malware has a fileless nature, leveraging PowerShell for infection, which makes it difficult to block without the appropriate security tools. The malware uses credential harvester Mimikatz to acquire legitimate credentials that would allow it to propagate and move laterally. If that fails, however, the worm attempts to exploit the remote system via Ete alBlue. To achieve persistence, WannaMine sets a permanent event subscription that would execute a PowerShell command located in the Event Consumer every 90 minutes. The malware targets all Windows versions starting with Windows 2000, including 64-bit versions and Windows Server 2003. However, it uses different files and commands for Windows Vista and newer platform iterations. WannaMine isn’t the only crypto-mining malware harnessing Ete al Blue and using the Windows Management Infrastructure to propagate. Another Monero-mining worm, dubbed Smominru (aka Ismo), has infected over a half a millio Windows hosts, most of them servers. These “next-generation” crypto-mining malware variants have proven extremely difficult to take down. First, the malware is distributed. Second, even if all machines on a network are patched against Ete al Blue, the malware will seek to use the Mimikatz credential harvester to get in by cracking a weak password. Finally, some legacy antivirus products do not detect crypto-mining malware because it doesn’t actually write files to an infected machine’s disk. Protecting Your Organization Against WannaMine and Other Crypto-Mining Malware There are several ways to protect your enterprise systems from being hijacked for illegal crypto-mining: • Keep your systems and software up-to-date; only older Windows machines are susceptible to the Ete al Blue exploit. • Use network security software to monitor for and block the activity needed for crypto-miners to work. • Ensure that all system users are using strong passwords that cannot be cracked by Mimikatz. In addition to doing damage to enterprise systems, crypto-mining malware can be employed by real-world threat actors to fund their criminal activity. It’s in everyone’s best interest to put a stop to it.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026