Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Ransomware Rakhni adds cryptomining to double its threat, says Stealthcare CEO Jeremy Samide

July 2018 by Jeremy Samide, international threat assessment authority, and Stealthcare CEO

Rakhni, a family of ransomware that emerged in 2013, has just added cryptomining, to the ransomware component of this malware, doubling the threat to government, business and not-for-profit organizations.

Jeremy Samide, international threat assessment authority, and Stealthcare CEO, points out, “While so much recent media attention is given over to state actors such as Russia and North Korea, the biggest threats to private businesses and organizations come from criminal enterprises motivated by greed. Organizations that use cryptocurrencies for any of their transactions are juicy targets, along with law firms and healthcare organizations, whose reputations rest on confidentiality.”

Samide explains how Rakhni works: “Rakhni’s downloader decides whether to infect individual victims with the ransomware component or increasingly with its new cryptominer. While this latest peril represents a shift toward relying on cryptomining for ill-gotten gain, ransomware will continue to threaten organizations by denying users access. The common thread is that threats actors in both cases want to be paid in cryptocurrencies.”

Samide went on to say, “Over the past several years, the popularity of cryptocurrencies has grown exponentially, attracting the attention of threat actors who thrive on their anonymity. High-profile ransomware attackers use malware such as WannaCry and NotPetya to lock out system users and demand ransom payments in cryptocurrencies. With cryptomining, criminals skip the ransomware step, and go directly to stripmining the victim’s accounts of its assets.”

Samide reported on Rakhni’s new threat in their weekly client publication: “The anonymity of cryptocurrencies makes them a perfect vehicle to monetize criminal activity in relative obscurity. Moreover, hackers are shifting focus away from Bitcoin and Etherium, while focusing on newer, less-well known currencies such as Monero, Coinhive and Zcash that are even less traceable than the legacy currencies.”

Explains Samide, whose cybersecurity firm Stealthcare, is based in the US and Canada, “In-browser cryptojacking relies on JavaScripts, which are installed on popular websites and available to anyone with felonious intent. Using JavaScript, the hacker infects the victim’s own browser with crypto mining malware that secretly diverts small amounts of currency at a time to his own account.”

Facing expansion and growing sophistication of cyber threats, Stealthcare has changed cybersecurity from defense to a more aggressive posture that relies on early warning, threat assessment, cutting edge machine learning technology and human intelligence. Stealthcare’s proprietary platform Zero Day Live, for example, detected increasing trends in cryptomining and cryptojacking attacks when they first emerged and provided its clients with advance warning and countermeasures to ward off the attacks.

Samide concludes, “Playing defense is no longer adequate. When we developed Zero Day Live, it became the world’s first complete cyber threat intelligence aggregation platform to spot emerging trends, uncover actionable information, and report on high-value intelligence that allows companies to respond quickly to impending threats.” Stealthcare researchers and technical staff also provide ongoing assistance to clients that includes human threat assessment and, if need be, disaster recovery and follow-up tactics to hinder future attacks.

See previous articles


See next articles