Thu, May 18, 2017 - Page 7 News List

Hackers are mining digital currency in ransomware attack


A computer virus that exploits the same vulnerability as the WannaCry ransomware attack has latched on to more than 200,000 computers and begun manufacturing digital currency, experts said on Tuesday.

The development adds to the dangers exposed by WannaCry and provides another piece of evidence that a North Korea-linked hacking group might be behind the attacks.

WannaCry, developed in part with hacking techniques that were either stolen or leaked from the US National Security Agency, has infected more than 300,000 computers since Friday last week, locking up their data and demanding a ransom payment to release it.

Researchers at security firm Proofpoint said the related attack, which installs a currency “miner” that generates digital cash, began infecting machines late last month or early this month, but had not been previously discovered because it allows computers to operate while creating the digital cash in the background.

Proofpoint executive Ryan Kalember said the authors might have earned more than US$1 million, far more than has been generated by the WannaCry attack.

Like WannaCry, the program attacks via a flaw in Microsoft Corp’s Windows software. That hole has been patched in newer versions of Windows, though not all companies and individuals have installed the patches.

Digital currencies based on a technology known as blockchain operate by enabling the creation of new currency in exchange for solving complex mathematics problems.

Digital “miners” run specially configured computers to solve the problems and generate currency, whose value ultimately fluctuates according to market demand.

Bitcoin is by far the largest such currency, but the new mining program is not aimed at Bitcoin. Rather it targeted a newer digital currency, called Monero, that experts say has been pursued by North Korean-linked hackers.

North Korea has attracted attention in the WannaCry case for a number of reasons, including the fact that early versions of the WannaCry code used some programming lines that had previously been spotted in attacks by Lazarus Group, a hacking group associated with North Korea.

Security researchers and US intelligence officials have cautioned that such evidence is not conclusive and the investigation is in its early stages.

Early last month, security firm Kaspersky Lab said that a wing of Lazarus devoted to financial gain had installed software to mine Monero on a server in Europe.

A new campaign to mine the same currency, using the same Windows weakness as WannaCry, could be coincidence, or it could suggest that North Korea was responsible for both the ransomware and the currency mining.

Kalember said he believes the similarities are “more than coincidence.”

“It’s a really strong overlap,” he said. “It’s not like you see Monero miners all over the world.”

This story has been viewed 1333 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top