Computer security has always revolved around keeping undesirables away from your PC. Like picking up a tick from the forest or a leech in the lake, people that browse the bustling, open internet often come home with an uninvited guest. In the form of a virus, bug, or malware program, these covert operatives are not only detrimental for computer performance but also pose a risk to owners as well. Despite the threat, improvements and advancements in internet security are always a half-step behind. By nature, new defenses are always matched by more sophisticated hacks.
There are numerous bad actors who can gain access to the contents of your computer and use it with all sorts of ill intentions. They can attempt to steal financial information and siphon money directly, but this requires immense effort. Ransomware is the hacker’s solution to maximizing the efficiency of their thieving endeavors, by gaining access to a PC and locking it from the owner until they pay. Hackers might encrypt the PC’s files and refuse to decrypt them, or install access blockers that prevent anyone but themselves from entering. Regardless, ransomware is aptly named because the end game is to demand money for the release of these digital hostages.
Ransomware had a ripe opportunity once mature cryptocurrency solutions hit the scene in 2010, because crypto ransoms are harder to track once paid, and they allow a scam to run for longer. Popular ransomwares like CryptoWall collected over $18 million before being shut down by authorities, and took in payments in Zcash, Monero, and other valuable and high-anonymity coins. However, as blockchain has evolved in tandem with ransomware defenses, hackers are engaging in a newer, more sinister threat that flies lower under the radar.
Chipping Away at PC Power
Cryptocurrency mining doesn’t have an immediate negative connotation, and most people know it as the incentivizing model behind bitcoin’s decentralized sustainability. Those who connect their PC to the bitcoin (or any other cryptocurrency) blockchain and set it to work processing and verifying transactions are rewarded in tokens with real fiat value. This motivational strategy keeps the network running smoothly despite the absence of any central authority.
Though mining began on the desktops and laptops of bitcoin enthusiasts around the world, it’s since been modernized in many ways. Software required to mine is now more lightweight, easier to deploy, and can be very profitable given the rising popularity of different cryptocurrencies. Additionally, privacy coins have sprouted up that each take a unique approach to blockchain anonymity. These conditions have led some companies like Salon—a popular online magazine—to offer ad-free experiences in exchange for mining cryptocurrency with readers’ computers while on the site. Such a phenomenon has vast potential for the future.
However, the revolutionary concept of mining can also be weaponized. Modern attacks have been designed to install well-hidden cryptocurrency mining programs on unprotected PCs. These stowaways share many of the same attributes as ransomware, invoking hard-to-track cryptocurrency payments, exhibiting difficulty with removal until they’re discovered (and paid off), and proving a resounding detriment to PC performance.
Additionally, mining programs sap the strength of the host computer and send all mined cryptocurrency to the hacker’s own wallet—anonymously, of course. Less like a hostage-taker and more like a parasite, this new ransomware is a threat that isn’t immediately noticeable by the PC’s owner but exhibits all the same calling cards.
A Revolution in Ransomware
The new kind of ransomware is a dangerous foe, can find its way onto PCs easily, and has an incentive to keep its activities as quiet as possible. Due to regulatory uncertainty regarding cryptocurrency, it’s still difficult to find solid footing to fight the threat.
Indeed, reacting to ransomware is a vital task for computer security companies and the young blockchain industry as well. Blockchain is already on the receiving end of a bad PR nightmare due to solutions like bitcoin, which requires a massive amount of electricity to mine, and it doesn’t need any more negative press. Mining is a notion central to the tenets of decentralization, and if it’s put at risk due to bad actors, everyone is punished.
Accordingly, solutions that can help address these risks are working hard to find a proper shield to defend against them. Appropriately, many solutions are emerging from the blockchain industry itself, though they may not have been originally designed for this purpose. Platforms like Endor employ ledger-based behavioral and heuristic measuring tools on the blockchain, which can be prompted in any language to produce “answers” to “questions” that are based on user activity.
A similar method might be to track the behavior of connected miners to the blockchain, attempting to determine the peers that are doing so involuntarily. An Endor user might observe their mining patterns, the type of coins mined, connection frequency, and then reference other interactions with the ledger for clues.
The need for a protective force against these viruses is undoubtedly dire. Microsoft reported that in an event last year spanning just 12 hours, over 400,000 attempts were logged during which PCs were injected with coin-mining ransomware—and those are just the ones they know about.
With all the positive ideas that blockchain is lending to the technology sector, we must remember that it is an open-source framework rather than a specific product or method. People can do bad things with blockchain, just as they can accomplish amazing things with it, but banning cryptocurrency or suppressing the proliferation of useful technology is tantamount to amputating a leg due to a bad knee.
Instead, combating unsolicited mining must be added to the top of the priority list of prominent decentralized developers, even above functionality like interoperability and scaling. Thankfully, the market hasn’t suffered the ill effects of crypto-mining viruses for very long, however, insuring there’s still ample time to design a proper inoculation.