Cyber criminals swap ransom for forced labour

Hackers have moved away from the ransomware techniques so prevalent in 2017 and are instead forcing victims’ computers to do their hard work for them.

Previously, one of the more common cyber crime techniques was ransomware – which involved encrypting user data and charging a fee for its release. To make the payment more difficult to trace, it was often demanded in Bitcoin or a similar cryptocurrency.

Such techniques, though successful on occasion, relied on the victims actually paying up. Many refused – because they had a data backup, because they didn’t value the data as highly as the ransom, or because they were aware that the encryption software was so poorly made that their files would likely be corrupted even after release.

As such, cyber criminals have shifted their focus away from ransomware and instead set victims’ computers on a programme of forced labour.

Bitcoins aren’t simply released into the world by a benevolent digital banker but can be ‘mined’ – at great cost in processing power. Typically, this is far too much for a single home computer to manage. However, with an army of computers all working to ‘mine’ for Bitcoins, the success rate becomes much greater.

This is the theory behind the malware ‘Smominru’, recently discovered by security experts at Proofpoint. They estimate some 526,000 Windows PCs have been infected and added to the botnet, primarily in Russia, India and Taiwan. It’s been something of a success, too, with Smominru earning its creators millions of dollars in just a few months.

Experts have warned that this method of attack could be much more effective for cyber criminals, and therefore much more widely used in future. This isn’t just because of the potential returns on offer, but because it can go on indefinitely. Ransomware had a definite start, middle and end, with the malware taking effect, encrypting files, and then releasing them once payment was made. So-called cryptomining, on the other hand, can continue for as long as it remains undetected.

Whilst this may seem like a better deal for users too (as they won’t be issued ransoms for the ‘safe’ return of their files), there are still cost implications. Devices hit with this malware will run a lot slower and drain their batteries much more quickly – meaning they’re also likely to need replacing a lot sooner than they otherwise might.