Image Credit: Ewan Kennedy via Unsplash
15.01.2021

Cryptojacking: When the computer becomes a mine

Cybersecurity | IT Protection | Attack Vectors

The cryptocurrency Bitcoin has experienced a rapid boom in recent weeks: Within four weeks, its value doubled from $20,000 to briefly $42,000 – only to fall by $8,000 in one day. But it is not only the volatility of this digital currency that is worrying: In many ransomware attacks, the hackers demand their ransom in Bitcoins. Cybercriminals are also increasingly tapping into private computers and company networks to mine cryptocurrencies – without the owner of the computer noticing.

How cryptojacking works and how to protect yourself from it:

It was just ten years ago that programmer Laszlo Hanyecz paid 10,000 Bitcoins for two pizzas he had ordered, making it the first documented transaction of a cryptocurrency for a real economic good. The value of Bitcoins was still around 41 dollars at that time. On the day of the last peak in early January 2021, the pizza coins were worth almost $420 million.

No wonder that mining new cryptocurrency is very attractive at the moment. However, mining legally has not been worthwhile for a long time due to the enormous computing power required and the horrendous electricity costs. Miners are therefore desperately looking for other resources – and do not shy away from illegal, criminal methods. Security experts are already talking about a very special “industry”, Bitcrime. Researchers at the University of Sydney estimated as early as 2018 that almost 80 billion US dollars of Bitcoins are converted into criminal activities. And the IT analysts at “Cybersecurity Ventures” expect that around 70 percent of all crypto coins will be generated through criminal business in 2021.

Kidnapping computers, secretly mining

Accordingly, the number of attempts to engage in cryptojacking is also increasing. At some point, miners realized that not even high-end PCs with a powerful processor were enough to make a profit from mining and cover the associated costs. So miners started to build huge computer farms to mine for cryptocurrencies on a commercial scale. Since this was also not profitable in view of horrendous electricity costs, the idea of cryptojacking arose, i.e. using devices (computers, smartphones, tablets or even servers) without the consent or knowledge of the users to secretly mine cryptocurrency at the victim’s expense.

Basically, there are two types of cryptojacking attacks: browser-based attacks and malware infections. Browser-based attacks are comparatively harmless. More dangerous are cryptojacking attacks in which malware is downloaded after a phishing attack. Once the computer is infected, the cryptojacker works around the clock to mine cryptocurrency, hiding in the background. The criminals use security gaps in applications such as the web servers Apache, IIS, nginx, PHP, in content management systems or databases that can be accessed directly from the Internet. For example, they can plant the mining script on web servers, routers or in content management systems so that it is distributed to all websites that are served through these systems. The goal is to create a huge botnet of devices and use their CPU cycles for cryptomining – at minimal cost to the attacker.

Three different types of cryptojacking

Temporary cryptojacking
Mining only runs for a certain period of time, namely whenever you are on a certain website or use a certain app that uses your system for cryptojacking. Often, the scripts used for “mining” come with pop-up or banner ads.

Drive-by cryptojacking
Here, even after you leave the website in question, a small pop-up window remains open unnoticed. The mining process only ends with a restart.

Continuous cryptojacking
This procedure runs through malware that enters the computer system. It is usually hidden in the attachment of e-mails or in JavaScript ads.

How to prevent cryptomining?

  • Pay particular attention to so-called phishing emails. Don’t open, don’t click anything!
  • Block JavaScript in your browser to prevent drive-by cryptojacking.
  • Use browser extensions to crack down on cryptomining. Examples: AdBlock, No Coin or MinerBlock.

The typical signs:

  • High processor utilization
  • A computer that works and responds slowly due to this load
  • Computer ventilation running at full speed
  • Strong heating and rapid battery drain in smartphones

What can I do to improve my safety?

Most measures to reduce your cyber risk also protect against cryptojacking. Particularly important aspects include:

  • Employee awareness (dealing with emails, pointing out possible signs of cryptojacking)
  • Securing Internet browsers
  • Considered assignment of admin rights
  • Securing and monitoring the servers
  • Observation and documentation of the everyday, usual computer load in order to be able to detect deviations if necessary
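
The last measure, recording the usual load so that deviations stand out, can be sketched as follows. This is an added example, not code from the original article: it builds a per-hour baseline (median and median absolute deviation) from known-good CPU samples and reports only sustained excursions, so a single short spike is ignored. The function names, thresholds and sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def build_baseline(samples):
    """samples: (hour_of_day, cpu_percent) pairs from known-good days.
    Returns {hour: (median, MAD)}; MAD is floored so flat hours tolerate noise."""
    by_hour = defaultdict(list)
    for hour, cpu in samples:
        by_hour[hour].append(cpu)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[hour] = (med, max(mad, 1.0))
    return baseline

def sustained_deviations(baseline, observed, k=6.0, min_run=3):
    """observed: (label, hour_of_day, cpu_percent) in time order.
    Returns (first_label, last_label, peak) for each run of at least
    min_run consecutive samples above median + k * MAD for that hour."""
    runs, current = [], []

    def close_run():
        if len(current) >= min_run:
            runs.append((current[0][0], current[-1][0], max(c for _, c in current)))
        current.clear()

    for label, hour, cpu in observed:
        if hour in baseline and cpu > baseline[hour][0] + k * baseline[hour][1]:
            current.append((label, cpu))
        else:
            close_run()
    close_run()
    return runs

# Constructed sample data: quiet nights (hour 2), moderate office load (hour 14).
BASELINE_SAMPLES = [(2, 4), (2, 5), (2, 6), (2, 5), (2, 7),
                    (14, 30), (14, 35), (14, 40), (14, 33), (14, 38)]
OBSERVED = [("02:00", 2, 6), ("02:10", 2, 92), ("02:20", 2, 95),
            ("02:30", 2, 94), ("02:40", 2, 93), ("02:50", 2, 5),
            ("14:00", 14, 38), ("14:10", 14, 97), ("14:20", 14, 36)]

if __name__ == "__main__":
    print(sustained_deviations(build_baseline(BASELINE_SAMPLES), OBSERVED))
```
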

Digital parasites drive up electricity costs

Some cybersecurity experts point out that, unlike most other types of malware, cryptojacking scripts do not harm victims’ computers or data. The only annoying thing is the slower computer performance. But for large organizations in which many systems have been infected by cryptojacking, there are still significant electricity and IT labor costs. In addition, reduced computing power could lead to certain business processes no longer running quickly and smoothly enough. In any case, there is cause for concern (and to check whether you are affected). After all, those that are susceptible to mining malware are also threatened by other harmful software.
