Leave a comment

What in the world is WannaMine and how do you stop it?

What in the world is WannaMine and how do you stop it?
© Elnur | Dreamstime.com

The biggest malware attack last year was the WannaCry ransomware strain that affected over 400,000 across 150 countries worldwide. It has targeted private companies and public organizations and has actually endangered the lives of people.

According to its analysis, the criminals behind WannaCry ransomware exploited the Eternal Blue vulnerability in earlier Windows operating systems. (This flaw is an NSA tool leaked by Shadow Brokers last year.)

Eternal Blue is a Windows SMB flaw that affected older unsupported Windows versions, such as XP and Vista, that millions of users apparently still use. Note: SMB is Windows' file-sharing protocol.

Although Microsoft already patched most of these flaws, even issuing updates for unsupported Windows systems, researchers from Naked Security have seen a surge in the cases of a new malware strain that still uses the same Eternal Blue exploit.

This new malware attack is called WannaMine and it combines the spreadability of WannaCry and the worst bits of cryptojacking.

Read on and I'll tell you why WannaMine is the latest security threat you have to watch out for.

First, what is cryptomining?

Simply put, cryptomining is a way to contribute to the massive computational horsepower and energy needed to maintain and validate a cryptocurrency's transaction network and ledger. This is a perfectly legal way to earn cryptocurrencies, by the way.

Since cryptocurrencies do not have central governing bodies like regular currencies have with banks, they require the public's help to secure it. As an incentive, "miners" can earn extra cryptocurrency by contributing computing resources.

Cryptomining mining is difficult by design and it requires "miners" to solve extremely complex math equations. This activity needs tons of computer processing and of course, the hardware that performs it consumes a lot of electrical energy.

Then came cryptojacking

What is cryptojacking? It's a new method for hackers to generate revenue for themselves at your expense.

Since cryptomining consumes tons of electrical energy, fraudsters love sourcing out this activity to others. Instead of putting up server farms dedicated to cryptomining, they would rather steal your computer resources to do the heavy lifting for them.

They can do this by hijacking your browser or by installing cryptomining malware secretly on your computer. Think of it as similar to a botnet, except it's used for mining cryptos like Bitcoin or Monero instead of performing denial of service attacks.

Click here for a detailed look at how cryptojacking works.

So what is WannaMine then?

As the word suggests, WannaMine is a combination of the WannaCry exploit and cryptomining.

It's when hackers use the Eternal Blue exploit used in the WannaCry attacks, but instead of infecting computers with ransomware, they use the security flaws to spread cryptomining malware instead.

Is your own cryptocurrency stash at risk of being stolen? Not really.

All WannaMine does is use your computer resources to generate profit for the cryptojackers. It's an equal opportunity malware and it doesn't matter if you're into cryptocurrencies or not at all.

Signs of a WannaMine infection

Cryptojacking software is meant to run in the background without being detected but there are tell-tale signs that your computer has it.

You may notice slower than usual internet connections and slower computer performance. Since cryptomining uses your computer's processing cycles, it consumes more energy.

This means WannaMine can make your computer work overtime and rack up your energy bill. Your Windows computer will run hotter than usual, and if you have a laptop, it will have poor battery life.

ln fact, Androids phones that were infected with cryptojacking malware can literally burn to the ground due to overheating!

Watch out for sudden spikes in computer's CPU activity via Window's Task Manager and kill any unknown programs that are using up abnormally high resources.

More importantly, having a WannaMine infection also means that your network is vulnerable to other forms of malware, including ransomware, trojans, and worms. Better patch up any security holes you may have immediately!

How to protect yourself from WannaMine

Since WannaMine uses the same Eternal Blue exploits as WannaCry, the same security precautions apply:

First, it is CRITICAL to make sure your Windows OS is up to date.

Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.

But if you want to check, here's how:

On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."

If you have an older Windows 7 system, check out our tips on how to set up and check Windows Updates.

Backing up your critical data is also an important safety precaution in the fight against malware. It's the best way to recover files that could get damaged or corrupted during an infection.

We recommend using our sponsor, IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Click here to receive a special discount of 50 percent.

In other news, ATM "jackpotting" scam hits the U.S.

Aside from cryptojacking, another money grabbing scam is spreading across the U.S. Click here to read more about ATM jackpotting, the latest banking threat to hit our shores!

Next Story
Amazon sales are soaring...but why?
Previous Happening Now

Amazon sales are soaring...but why?

How cybercrooks are using your LinkedIn profile to steal your info
Next Happening Now

How cybercrooks are using your LinkedIn profile to steal your info

View Comments ()