Sub Total
Excluding delivery and voucher code discounts.
Go to basket

Free Delivery on all orders to UK mainland within 3 working days.

HP TECH TAKES /...

Exploring today's technology for tomorrow's possibilities
HPImage

What is Cryptojacking and How to Stop an Attack

Dwight Pavlovic
|
There are widespread implications to the continued growing interest in cryptocurrency and blockchain technology, and they go beyond the potential use of digital money and how it’s mined. Unfortunately, hackers expanded into illicit cryptomining through a new type of attack called “cryptojacking” malware.
In this article, we’ll explore exactly what cryptojacking is, including how hackers find ways to co-opt your hardware, how you can detect cryptojacking, and how to resolve any issues you may experience.

What is cryptojacking?

Cryptojacking (sometimes written as “crypto jacking”) is an emerging online threat that uses malicious code to trick your computer into mining digital currencies for someone else. According to Interpol, cryptojacking covers any activity that “secretly uses a victim’s computing power to generate cryptocurrency.”
In other words, these web jackers don’t use their own resources to build their digital wallet, they use yours, which saves them money on the hardware investment and energy commitment (no big electricity bills to worry about!). They target a number of personal computers – like yours – to build a distributed network, rather than build a large-scale cryptomining enterprise, which requires a lot of space, hardware, power, and supervision.

How does cryptojacking work?

Threat actors have a variety of ways to access your device and secretly install malicious cryptomining scripts.
The most common methods are very similar to other forms of malware, which sneak into your PC through online interactions, especially through web browsers and email clients. Simply clicking a bad link in a scam email or on an unfamiliar website is enough to let a cryptojacking script into your system.
HPImage
There are also different types of cryptojacking, which have two primary methods of infecting your device. The first involves traditional malware and malicious link scams, and the second uses an open web page to co-opt resources while you’re on the site. The latter is often more challenging to identify and stop.

Why are cryptojacking attacks so common?

Cryptojacking attacks are common because it’s a safe method for hackers to gain access to your resources. It also has a big profit potential compared to the risk. As opposed to typical malware that steals your information for a direct attack on your data and accounts, cryptomining malware uses your PC’s resources to mine for digital money.
Victims are often unaware and the scripts are difficult to track, which makes it hard to track an attack. That means it’s primarily up to victims to manage the threat independently. Let’s look at some of the clues you can use to identify a cryptojacking attack on your system.

How to tell if your device is infected

Since cryptojacking depends on your hardware to mine new currency, it is easiest to detect through physical indicators on your device. Two crucial signals are energy usage and overall usage, but here’s what else you should take seriously.

1. Reduced performance during normal use

Using computers to mine cryptocurrencies requires a lot of energy and processor power. CPU usage is heavy, which means your computer will struggle to mine cryptocurrency effectively if it’s performing other tasks. That’s why legal mining often depends on dedicated hardware, rather than a PC you use daily for work or play.
You must watch out for reduced and erratic performance, especially when using less resource-intensive software. Simply checking your email or scrolling through a spreadsheet is not enough to cause most personal computers to struggle, so if you do experience serious slowdown, you may want to investigate further.

2. Overheating and excessive cooling activity

Heat regulation is a much bigger challenge for infected devices. In addition to running slowly, your device may actually become hot to the touch, especially ventilation points and areas near critical components. If your computer is older or you have your own cooling solution setup, you may notice excessive fan noise or system activity.
This will have many short-term consequences, including damage to internal hardware and erratic behaviour (errors, slowdowns, etc.). It leads to further wear on components, which is often a root cause of reduced performance over time. Cryptojacked or not, overheating on your device is a sign that something is wrong, so it’s important to find out why it’s happening sooner rather than let it continue.

3. Decreased battery life and charging capabilities

By splitting your resources with a cryptojacking script, your computer places a bigger strain on its energy sources.
If your computer is plugged into an outlet, this means you’ll spend more on electricity. And if you’re using a laptop or notebook, this means the battery won’t last as long away from a power source. If you’re using a brand-new device and its battery is losing its charge much sooner than it should, it may be compromised.
You may also notice a delay when you try to recharge the battery. Since some cryptojacking code can hide itself by operating when you aren’t using your computer, it doesn’t matter whether you’re active or not. Malicious cryptomining can take place even when you’re not logged in.

4. Signs of activity outside of regular use

Cryptojackers, and their cryptomining malware, are becoming increasingly sophisticated. One of the more recent and difficult to detect varieties involves hiding malicious activity when you’re actually using your device. The script may only activate when you close all your tabs and apps, or it may be programmed to stay below a certain percentage of CPU usage.
This makes it all the more difficult to tell if you’re the victim of a cryptojacking script, because there are fewer visible opportunities to detect an intrusion. However, if your computer is already warm before using it or after a short break, you may be dealing with cryptojacking or another type of malware.

How to stop cryptojacking

The best way to shield your device against cryptojackers, or any type of malware, is proper oversight. What that entails depends on your typical usage, but there are several good rules of thumb that any user should follow.
If you need to protect additional devices at home or at work, consider talking to everyone else involved about the threat. You should also seek assistance from your company’s IT department or enterprise services to help you prevent cryptojacking.

1. Maintain your browser

For most users, browser maintenance only requires a couple of quick notes. First, make sure your browser is up-to-date so you have basic defences against the most recent cryptojacking scripts. These updates can’t promise total protection, but they provide the most recent browser security changes.
Keep an eye on your browser extensions, too. Cryptomining malware is often packaged as apps or browser extensions that you may knowingly or unknowingly add to your system. Whether you use Microsoft Edge, Google Chrome, or another browser, be sure to research any unfamiliar apps – and promptly delete anything you didn’t download yourself.

2. Block known sources and coin jacking sites

Use your browser settings to block sites you know or suspect of using cryptojacking scripts. The roots of cryptojacking lie in software designed to passively mine cryptocurrency when a consenting visitor navigates to their website. In this scenario, cryptomining replaces pop-ups or embedded advertisements as a source of revenue.
If your browser supports blocking individual websites, you can keep a running list of no-go websites. You can typically add suspicious URLs to an index via the browser’s security or general settings. Your browser may even feature a dedicated extension for blocking.

3. Install anti-virus and malware prevention software

Installing, updating, and running a cybersecurity program on your device is the best way to minimize attacks. Some work passively, and others may require you to periodically run scans and apply new updates.
Here’s a quick rundown of 3 leading options:
  • McAfee Total Protection: McAfee has the best range of prices and coverage for the most devices. The $69.99 Ultimate plan currently supports unlimited device coverage, while the $24.99 AntiVirus Plus plan covers up to 10 devices.
  • Bitdefender: This is another popular option that users praise for its streamlined design, which means device management is easy. It’s available in a variety of plans with different add-ons, including hands-on support from Bitdefender technicians and security researchers.
  • Webroot: Webroot is available in different editions based on use, from the home to the workplace. There are 3 plans for home users, and Webroot specifically highlights cryptojacking in its onboarding material.
If you’ve used the same antivirus software for a long time, you may want to check the latest reviews and compare your options. A free or older service that was great at launch may no longer receive updates as often as you need them.

Who is most at risk from cryptojacking attacks?

The risk of cryptojacking is great for all types of users, but especially for professionals who lack the protection of a dedicated enterprise IT or security department. Gamers are also at an elevated risk, because they may mistake slower computer performance and overheating as signs of lacklustre hardware.

Summary

The threat of cryptojacking is greater than ever, but most users can protect against it with a few additions to your browsing or maintenance routine. Or you can take some of the pressure off your agenda and upgrade to more comprehensive anti-virus protection. Direct support and affordable coverage is more accessible than you may think.

About the Author

Dwight Pavlovic is a contributing writer for HP Tech Takes. Dwight is a music and technology writer based out of West Virginia.

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.

Disclaimer

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by HP.com; reseller offers may vary. Items sold by HP.com are not for immediate resale. Orders that do not comply with HP.com terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at https://support.microsoft.com/lifecycle

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Xeon Inside, and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See http://www.microsoft.com.

“Best All In One Printer” and “the easiest printer you’ve ever had to set up” from Wirecutter. ©2020 The Wirecutter, Inc.. All rights reserved. Used under license. https://www.nytimes.com/wirecutter/reviews/best-all-in-one-printer/

Get Marvel’s Avengers when you purchase HP gaming PCs with qualifying 9th gen or 10th gen Intel® Core™ i5, i7 and i9 processors. Redemption code will be sent out by email within 60 days of purchase. Limited quantities and while supply lasts. Offer valid thru 12/31/2020 only while supplies last. We reserve the right to replace titles in the offer for ones of equal or greater value. Certain titles may not be available to all consumers because of age restrictions. The Offer may be changed, cancelled, or suspended at any time, for any reason, without notice, at Intel’s reasonable discretion if its fairness or integrity affected whether due to human or technical error. The Offer sponsor is Intel Corporation, 2200 Mission College Blvd., Santa Clara, CA 95054, USA. To participate you must create an Intel Digital Hub Account, purchase a qualifying product during the redemption period, enter a valid Master Key, and respond to a brief survey. Information you submit is collected, stored, processed, and used on servers in the USA. For more information on offer details, eligibility, restrictions, and our privacy policy, visit https://softwareoffer.intel.com/offer/20Q3-19/terms.

© 2020 MARVEL. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

The personal information you provide will be used according to the HP Privacy Statement (https://www8.hp.com/us/en/privacy/ww-privacy.html)