Hello, welcome to the Monday, March 5th, 2018 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Orich, and I'm recording from Jacksonville, Florida.

Xagyi came across yet another desktop, a crypto miner that was installed by malware.

Now what's sort of interesting in this particular case is that

the malware is fairly protective of the system. Now, this isn't really new where malware is sort of

deleting, competing malware, but in this case, the malware is trying to get a hold of as much CPU as it can by the leading competing crypto coin miners.

Now, the way these crypto coin miners are identified is by the process name, so nothing really all too fancy.

But sort of interesting, it's a pretty good and complete list of these processes.

So this list actually has a nice defensive use in that you could use this list and then

look for processes like this on your own system in order to find crypto coin miners.

And of course, there is almost no online crime these days

that doesn't touch cryptocurrencies in some way. Also, recent Memcash denial of service attacks

apparently are asking for ransom to be paid in Monero. So there's only a subset of the hacks that people

were talking about last week. Not all of the attacks are asking for ransom. Now, how they're

asking for ransom? Well, the payload of the packets they're flooding you with actually will

include instructions.

Now, Akamai who is reporting about this, did say that you probably are better off not paying.

And the simple reason is that apparently all victims are receiving the same address to send the money to.

Also, this address has been used in the past, indicating that

this is an older group that is still sort of riding that wave of asking for ransom in response

to the Nile of Service at Axe. The problem is because, well, it's just one address. They

don't really know where the money is coming from. So really not

...