Last week's WannaCry ransomware attack hit thousands of computers
worldwide, with its largest impact seen at the National Health Service,
where more than 40 healthcare institutions were affected by the
file-encrypting malware. WannaCry apparently hasn't been very lucrative
for its makers so far. But another attack called Adylkuzz, apparently
larger and smarter and using the same exploits, is silently
using vulnerable machines across the globe for profit.
This is according to a report by security company Proofpoint, which has discovered
the "very large-scale" attack that, instead of encrypting user data and
asking for ransom, silently installs a cryptocurrency miner on the
victims' computers.
The attack, Proofpoint claims, uses the
EternalBlue and DoublePulsar exploits, both of which come from a
recently released cache of the NSA's hacking tools. The exploits install a
program called Adylkuzz, which mines the Monero cryptocurrency and sends
it to its owners. At the time of this writing, one Monero is worth
$28.44.
The process of mining uses the computer's resources — its
processor and/or graphics card — to perform complex computations, which
in turn "creates" new Monero coins. Running such an operation on one
computer wouldn't result in much financial gain, but with thousands of
computers working on the same goal, it can be very lucrative.
Proofpoint
claims the Adylkuzz attack likely predates the WannaCry attack by
several weeks, and possibly affects "hundreds of thousands of PCs and
servers worldwide."
The Adylkuzz attack is less disruptive than
WannaCry, as it doesn't encrypt your data — in fact, many users won't
know it's there at all. But that doesn't mean it won't cause damage;
slowing down thousands of computers and businesses' entire networks does
have its price in the long run.
Since Adylkuzz only attacks older,
unpatched versions of Windows, all you need to do is install the latest
security updates. But this isn't as easy for millions of users running
pirated versions of Windows, or for businesses and users who are
blissfully unaware of just how prone to exploits their ancient computers
are.
As for the hackers behind the attack, they appear to be
making bank on this one. Proofpoint claims the system is set up
to avoid paying too many Monero coins to a single address, but it has
easily found several addresses which have received $7,000, $14,000, and
$22,000, respectively, and claims there are "many more." There's no clue
as to who's behind the attack.
For comparison, WannaCry's makers have so far earned a little over $89,548.08, and they'll likely have a hard time claiming that money.