No report yet of global cryptocurrency attack in India: CERT
- Author: Zachary Reyes, May 19, 2017, 21:22
However, Adylkuzz is not ransomware. Adylkuzz installs a known cryptocurrency miner called cpuminer on compromised machines.
According to McAfee, the danger of Adylkuzz lies mainly in the nature of the malware: it stays undetected as it silently infects systems, and it is hard for a layman to realise that he or she is under attack.
Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.
"Mining of cryptocurrency simply means solving complex cryptography problems designed within the algorithm of a cyber-currency that requires a lot of computing", Saket Modi, CEO and Co-founder of Delhi-based IT risk assessment provider Lucideus, told IANS.
Proofpoint claims the Adylkuzz attack likely predates the WannaCry attack by several weeks, and possibly affects "hundreds of thousands of PCs and servers worldwide".
According to Kaffeine, the three Monero wallets used to collect the proceeds for the malware's mining operations have netted the group at least $43,000, but the crooks have nearly certainly earned much more.
Digital currencies like Bitcoin or Monero can be "mined" by having computers solve increasingly difficult mathematical puzzles to produce what is known as a "hash".
However, the choice of Monero is due to its enhanced anonymity capabilities, according to McAfee Asia Pacific chief technology officer Ian Yip. "You can't use Monero to go buy groceries", he said. "Bitcoin, on the other hand, has a lack of privacy. The seller can also have insight into your entire transaction history". Interestingly, Adylkuzz was around before WannaCry, suggesting those bad guys weren't thinking big enough.
"Currently tens of thousands of computers worldwide are affected as part of this worldwide attack, and it's rapidly growing". There's no clue on who's behind the attack.
Proofpoint traces the Adylkuzz hack back to at least May 2, 10 days before the WannaCry attack, but says it may have originated as early as April 24.
Proofpoint researchers discovered that criminals behind this malware are using the same leaked NSA tools that the WannaCry ransomware used to attack Windows machines.
"Any system that has not been patched is susceptible to Adylkuzz, so we strongly urge governments and organisations to have an aggressive patching plan in place to mitigate these threats".
The malware quietly but quickly generates digital cash from the machines it has infected. Unlike ransomware, it enters a computer at the operating system level and spreads through organisational networks. "As this is old malware, McAfee has long had detection for it".
WannaCry leveraged exploits stolen from the NSA to lock the computer systems of hundreds of thousands of companies, ranging from hospitals to auto manufacturers, and hold their data for ransom.
Prevention is still the best cure for many forms of malware.
"While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally".