Laptop running slow? You might have been cryptojacked.

by Egress
Published on 11th Jan 2022

It’s always frustrating when your laptop starts to slow down. The more you click, the more it seems to stutter and have a good think about everything you ask it to do. Joining video calls and even opening documents becomes a chore.

Normally, this is a sign to free up some storage space or request a new device/component from the IT department. However, an unusually slow laptop can also be the sign of something more sinister – cryptojacking.

What is cryptojacking?

Cryptojacking is a common scam where someone uses your device to mine for cryptocurrency without your permission. Unsuspecting people carry on using their laptop or computer normally, unaware that their processing power is being leeched to mine cryptocurrency.

Without going into too much complexity, the cryptomining process essentially turns computing resources into cryptocurrency coins. And the more computing resources you have, the more cryptocurrency you can mine. In the early days, anyone with a computer could do it. Before long though, even the most high-end PCs with powerful processors couldn’t mine profitably enough to cover the costs.

Miners now need huge farms of computers with dedicated hardware and sky-high electricity costs to turn a profit. Obviously, this is out of reach for the majority of people – so cybercriminals came up with the idea of unknowingly using other people’s computer power.

There’s never been higher interest (and more money) in cryptocurrency. The overall market cap reached almost $3tr in 2021. Cryptocurrencies that focus on privacy and anonymity, such as Monero (XMR), are more popular with cybercriminals than mainstream coins, such as Bitcoin, as these transactions can’t be traced.

How does cryptojacking work?

It usually starts with email phishing. The emails will look like they’re from a legitimate source and can be highly convincing. Cybercriminals trick people into clicking on malicious links within emails that either directly load cryptomining code onto their device or lead them to a compromised website where the script automatically runs.

Some cryptomining scripts even have worming capabilities, so they can spread and infect multiple devices and servers within a network. One computer is pretty insignificant when it comes to cryptomining. But by building a botnet of infected devices, an attacker can create a network with huge processing power.

The key is that the cryptomining code works silently in the background as you use your computer in a normal way. You might experience some lag or slower performance – but many people will write this off as a benign issue rather than spotting the sign of cryptojacking.

Truth told, it’s a pretty easy way for cybercriminals to make money. They simply send phishing emails, wait for people to click, then let the cryptocurrency roll in. And even when (if ever) the victim does figure it out, it’s highly unlikely any repercussions will ever come the hacker’s way.

Real-world example

‘PowerGhost’ is stealthy cryptojacking malware that avoids detection in a number of ways. Attackers use spear phishing to gain an initial foothold within a system before stealing Windows credentials. From there, it leverages Windows Management Instrumentation and the EternalBlue exploit to spread further through the IT system. It’s also capable of blocking antivirus software and disabling competing cryptominers that have previously infected a device.

Why is it such a problem?

Cryptojacking scripts don’t do any obvious damage to your computer, as all hackers want to do is steal your CPU processing resources without you realizing. So you might be wondering… Is it really such a big deal when compared to other cyber threats such as ransomware?

For an individual, being cryptojacked is mostly just annoying and can lead to dented productivity. However, if you scale that loss of performance and productivity across an entire organization, that can become a real problem for a business. In Malwarebytes 2021 State of Malware Report, they noted that BitCoinMiner was the top business threat for Windows computers.

An organization suffering widespread cryptojacking can experience:

  • Constant complaints to IT helpdesks
  • Time spent trying to find and remediated issues
  • Added electricity costs (sometimes greatly increased)
  • Money wasted unnecessarily replacing components and whole devices
  • Some scripts can even be malicious, crashing victims’ computer if they attempt to remove the malware.

How prevalent is cryptojacking?

Because of its stealthy nature, it can be difficult to put a number on exactly how much cryptojacking takes place. But cyber experts do agree that it’s widespread. It’s still a relatively new form of cybercrime and there’s room for it to evolve further.

According to an Enisa report, there was a 30% year-on-year increase in the number of cryptojacking incidents in 2020. It’s increasingly popular with cybercriminals because cryptojacking kits are easy to purchase on crime-as-a-service marketplaces (for as little as $30 according to a report by Digital Shadows). Hackers may see it as an easy way to make a continuous stream of profit – some can make as much as $10,000 a day.

Cryptojacking can go undetected for a long time and won’t attract as much attention as a ransomware attack. It’s easy to scale and hard to trace. Plus, most victims wouldn’t bother legally pursuing perpetrators anyway, as nothing has been stolen or locked via encryption.

Can you prevent cryptojacking?

Detecting cryptojacking can be difficult, even when many devices within your organization have been compromised. It might take a prolonged period of reduced productivity and costly repairs to finally realize something out of the ordinary is happening.

Here are four things you can do to protect your business:

  • Employee awareness. Educate people within your organization to consider that cryptojacking may be the reason their computer or laptop is running slow. Also, they need to be aware of the threat of phishing – as this is the primary delivery route of cryptojacking malware.
  • IT team awareness. Unusual amounts of complaints about poor performance? Lots of overheating systems? Especially regarding laptops/computers that are relatively new and would be expected to be healthy? Time to investigate cryptojacking.
  • Blocking extensions. Some extensions can detect and block cryptomining scripts from running such as No Coin and MinerBlock. However, scripts are constantly changing and there’s no perfect cryptojacking blocker.
  • Anti-phishing solutions. Intelligent email solutions such as Egress Defend stop cryptojacking at the delivery stage by using machine learning and natural language processing to detect spear phishing attacks in real time.

Can’t afford to risk a cryptojacking epidemic? Stop the delivery vector and secure your organization against spear phishing – learn more about Egress Defend here or book a demo today.