The hacking attack that took thousands of computers’ data for ransom over the last week, WannaCry, hasn’t apparently been very lucrative for its makers so far.
But another, apparently larger and smarter hacking attack that uses the same exploits, is silently using vulnerable machines across the globe for profit.
This is according to a report by security company Proofpoint, which has discovered the “very large-scale” attack that, instead of encrypting user data and asking for ransom, silently installs a cryptocurrency miner on the victims’ computers.
The attack, Proofpoint claims, uses EternalBlue and DoublePulsar exploits, both of which come from a recently released cache of NSA’s hacking tools. The exploits install a program called Adylkuzz, which mines the Monero cryptocurrency and sends it to its owners. At the time of this writing, one Monero is worth $28.44.
The process of mining uses the computer’s resources — its processor and/or graphics card — to perform complex computations, which in turns “creates” new Monero coins. Running such an operation on one computer wouldn’t result in much financial gain, but with thousands of computers working on the same goal, it can be very lucrative.
Proofpoint claims the Adylkuzz attack likely predates the WannaCry attack by several weeks, and possibly affects “hundreds of thousands of PCs and servers worldwide.”
The Adylkuzz attack is less disruptive than WannaCry, as it doesn’t encrypt your data — in fact, many users won’t know it’s there at all. But that doesn’t mean it won’t cause damage; slowing down thousands of computers and business’ entire networks does have its price in the long run.
Since Adylkuzz only attacks older, unpatched versions of Windows, all you need to do is install the latest security updates. But this isn’t as easy for millions of users running pirated versions of Windows, or for businesses and users who are blissfully unaware of just how prone to exploits their ancient computers are.
As for the hackers behind the attack, they appear to be making bank on this one. Proofpoint claims the system is set up in a way to avoid paying too many Monero coins to a single address, but has easily found several addresses which have received $7,000, $14,000, and $22,000, respectively, and claims there are “many more.” There’s no clue on who’s behind the attack.
For comparison, WannaCry makers so far earned a little over $80,000, and they’ll likely have a hard time claiming that money.
Meanwhile, The Shadow Brokers, a hacker group that recently released a trove of NSA’s hacking tools and exploits to the public, said Wednesday they would keep doing that, even offering a monthly subscription service for security exploits.