Posted on September 17, 2018 at 5:49 PM
A crypto-mining malware called WannaMine has continued to spread since it was first noticed in October 2017. The malware came to be as a knockoff of WannaCry ransomware, and it seems to be just as dangerous for unprotected devices.
Cryptojackers succeeded ransomware
Despite the fact that 2018 has been a bad year for cryptocurrencies, with many of them losing a lot of their value, cryptojacking still persists. Cryptojacking, which is basically the illegal use of someone else’s computing power for mining cryptocurrencies, even seems to be a major new trend among cybercriminals.
Many would agree that the real problem started last year when the NSA had its highly classified computer exploits stolen in a hacking attack. The exploits were published online, for everyone to see and use. Since then, online criminals from all around the world have been doing just that.
Many still remember the attacks conducted through the use of WannaCry, NotPetya, and EternalBlue. The ransomware attacks spread like wildfire and compromised computers all around the world. While proper patches were quickly distributed, some analysts claim that there are still numerous computers vulnerable to these exploits.
However, as time went by, cybercriminals seemingly started to lose interest in ransomware attacks. Instead, many started searching for alternate methods of generating income. At the same time, the crypto market experienced its biggest boom ever, and the hackers’ attention was caught. Soon enough, a new threat emerged, a cryptojacker called WannaMine, and it became the world’s newest big problem.
What you need to know about WannaMine
The first reported attacks quickly confirmed that this cryptojacker is nothing to joke about. An unnamed company revealed that the attack propagated itself across more than 1,000 of their machines. Soon, researchers discovered that the malware enters systems via an unpatched SMB service in order to get code execution with high privileges.
It then spreads across the network and infects as many devices as possible. It can spread extremely quickly, and it is much more destructive and dangerous, as well as profitable for those behind the attack. It has the potential to mine cryptos much faster and more efficiently than other such threats, and at the same time, it controls the computer it infects. That way, the machine cannot go to sleep, which eventually allows the malware to mine even more coins.
What’s more, the researchers claim that the malware can even search for additional mining software so that such processes can be quickly terminated. That allows it to dominate the device and take every scrap of processing power for itself.
Currently, it is estimated that there are over 919,000 servers in danger of being breached by EternalBlue. The real number might be much higher and might even exceed 1,000,000 such devices. This is because the estimated number of 919,000 doesn’t include actual devices, but only vulnerable networks. The number of devices on each network can vary greatly, meaning that the true number of vulnerable computers likely includes several million machines.
To combat the threat, experts advise installing the year-old patches, which are still functional and supposedly successful in protecting computers. This is expected to work since WannaMine is not exactly a new threat, and is largely based on its predecessors, like EternalBlue. It takes advantage of pretty much the same vulnerabilities, meaning that the same protections should work against it.