Trends affect professionals in all industries – including hackers who build malware and the humble businesses trying to defend against it. Last year, businesses shook from fear of ransomware, which encrypts a device’s files and demands payment for the data’s safe return. The full force of ransomware was proven by WannaCry, a digital plague on Europe that devastated the U.K.’s National Health Service, German transit systems and dozens of other businesses around the continent.
These days, the threat of ransomware has faded and another type of malware has risen to take its place: cryptojackers. Also known as malicious cryptocurrency miners, these programs hide deep in computers’ hard drives, taking control of processors to mine cryptocurrency for their creators. They are dangerous because they slow computers, degrading performance for legitimate users, and because they wear down a computer’s components, requiring users to repair or replace costly parts more frequently.
Fortunately, for much of the rise of cryptojackers, private users were the primary targets – until now. Within the past week, a new cryptojacker threat has emerged, called PowerGhost, and it is coming after business devices.
What PowerGhost Does
PowerGhost functions as most other cryptojackers do: It infiltrates the device, secretes itself into background processes and mines away at valuable cryptocurrency. Unfortunately, like most new malware variants, PowerGhost isn’t defining itself by a single process, so it isn’t as easy to detect, avoid or eradicate.
The methods PowerGhost utilizes to break into business systems vary. Sometimes, the malware comes equipped with remote administration tools, indicating that the program’s actions are being controlled actively by a cybercriminal. Sometimes, the malware gets in through known vulnerabilities or exploits. These can be present in an organization’s network or endpoints as well as various programs installed on those endpoints, including the operating systems.
Next, PowerGhost hides. Other cryptojackers, which have long targeted personal machines, situate themselves on the hard drive, giving them direct access to processing power. However, by targeting business networks instead of individual computers and smartphones, PowerGhost has better methods of staying hidden and more power to drive its mining activity. Specifically, PowerGhost can go fileless, allowing the malware to move around a business network and evade detection. As it moves to different endpoints on the network, it identifies account credentials and continues on, escalating its privileges as much as possible.
As soon as PowerGhost reaches a single machine in a network, it begins mining – and it doesn’t stop until it is fully removed from a business’s network.
Why Businesses Don’t Want PowerGhost Around
Considering that businesses use dozens of different types of software, some might believe that one more program operating in the background won’t hurt. However, cryptojackers don’t command insignificant amounts of processing power; PowerGhost and others are trying to generate as much cryptocurrency in as little time as possible, which means processors are pushed to the max.
For businesses, this can be disastrous. As most business leaders know, every ounce of energy is necessary to maintain high productivity and high profits. The portion of computing power PowerGhost saps could reduce productivity significantly every day, slowing down employees’ devices and preventing them from completing as many tasks as usual. Worse, cryptomining is destructive to hardware, so businesses might be forced to replace equipment prematurely, which can quickly become costly.
All malware is expensive, but cryptojackers inflict especially high costs on victims. Fortunately, there are ways to keep PowerGhost off the network.
How to Thwart PowerGhost
Though PowerGhost is the latest and greatest evolution of cryptojackers, it isn’t invulnerable. In fact, businesses already equipped with advanced threat protection will likely never suffer from PowerGhost’s attacks. The best security tools include AI-ready threat detection software, encryption tools, account managers and automatic cloud backups.
Organizations without security should move quickly to arm themselves against PowerGhost and similar threats. At the very least, a business’s staff should be trained in cyber hygiene. This will help workers feel more comfortable utilizing digital tools without triggering a cyberattack. Often, cyber hygiene courses will include learning how to install program updates safely, how to draft strong passwords, how to identify scams and malware and how to react after malware begins an attack. Knowledge is power – even in fights against PowerGhost.