By Chad Knaus, IT Systems Engineer

Nearly everyone has heard about Bitcoin by now, even if you don’t really understand how to mine for it.  Bitcoin – and its dozens of competitors – are a new class of currency called “cryptocurrency.” These digital currencies are paid as a reward for digital mining, an activity that is similar to mining for gold in the physical world. The problem with cryptocurrency mining is that it takes a lot of computer power – more than most people have to spare.  So, there is a new threat to the operational potential of computers – both personal computers at home and, even more so, banks of computers or computer networks in a business environment.  That threat now has a name: cryptojacking.

Cryptojacking is essentially a hijacking of your personal or business computer resources.  It is malware that secretly and silently uses these resources for cryptomining purposes. Since it takes massive computer resources to make any real money with cryptomining, cryptominers have discovered that, by splitting up the processing into small chunks across numerous machines, they can amass the large amounts of computer power needed to earn worthwhile volumes of cryptocurrencies which are worth varying amounts of money depending on the type of currency mined.

Here’s how it works: Savvy hackers commonly embed cryptojacking malware inside the JavaScript code on otherwise normal, safe web pages. When a user opens an infected website, their computer begins to run small bits of code that confiscate computer resources from that user – and in the vast majority of cases, this happens without their knowledge or permission. In other words, cryptojacking steals your computer power and resources in order to do the heavy lifting of cryptocurrency mining on behalf of the miners so they don’t have to invest in the computer systems to do it on their own.

Clearly, this is a problem for both individuals and businesses.  In the business world, cryptojacking impacts computer performance, and when spread across numerous users or even the corporate network, it can have a direct impact on the business’ overall productivity and cause untold headaches for the IT department in trying to determine what is going wrong.  But – take heart! There are some proactive steps you can take to combat this threat.

Cryptomining: What Can You Do About It?

  • Renew Your Focus on Patching: Staying up to date with patches is very important in the fight against any kind of malware, and cryptomining is no different. Focus in particular on Windows and third-party patches, especially web browsers, so you don’t give cryptominers a key to your computer’s back door.
  • Scan for Viruses: While patching helps prevent malware attacks, they do of course still happen. So it’s also critical to keep your anti-virus programs up to date and to run frequent full-system scans.  This is a good practice whether you’re concerned about cryptojacking or not.
  • Clean Up Browser Histories: Ok, this may be a little tough, especially in a corporate setting, but you should consider purging the browser extensions of each user when they are no longer using them. A little easier for users to grasp and do on their own: Close or exit web browsers that are not actively being used. When they’re closed, they aren’t depositing malware code onto your users’ systems – or gaining access to your network’s infrastructure.
  • Know Who You’re Communicating With: Since cryptominers are depositing malware on trusted sites, it’s often hard to avoid becoming infected with cryptojacking code. But there are a few safeguards you can put in place – both personally and professionally – to better clarify just who your own personal computer as well as your business users’ computers are interacting with. Start by implementing a browser ad blocker.  Many can be turned on and off at will, so this shouldn’t be met with too much opposition from your organization’s users. Next, add some URL filtering and use a network monitoring solution so you have more control over and visibility into exactly what is taking place behind the scenes.

Want to learn more? Read an expert blog from SRC Technologies that explores the many reasons it’s important to renew your focus on patching today. Interested in other sneaky things cybercriminals are doing? Find out how to stop phishing in this article by Paul Jablonski, security and ITSM consultant at SRC.  What about the Internet of Things (IoT) – learn how to protect your organization from cybercriminals poised to use the Internet of Unsecure Things (IoUT) as a back door into your corporate network.