Here at Solutions Review, we’ve reported heavily on the wave of illicit cryptocurrency mining attacks—often times called cryptojacking—hitting enterprise and government servers around the world. Cryptojacking has proven to be a far more lucrative cyber-criminal venture than ransomware, which may be why the latter has seen a noticeable decline in favor of the former over the past year.
Unlike ransomware, cryptojacking doesn’t deliberately shut down enterprise business operations, nor does it encrypt important files. In fact, these attacks do everything in their power to conceal itself from your IT security team. Therefore, it may be easy to dismiss cryptojacking as irrelevant to your enterprise’s network safety.
This is a mistake and potentially costly one at that.
In fact, cryptojacking can be devastating to both your network’s functionality and your overall bottom line. The true costs of cryptojacking can be staggering. Here’s what you need to know:
A Quick Definition of Cryptojacking
Cryptocurrency mining, by itself, is actually a legitimate process. Cryptocurrencies rely on blockchain technology to secure transactions and ensure a clear ledger of those transactions. These transactions are bundled into “blocks,” which need to be verified to ensure that they are legitimate (i.e. the same Bitcoin wasn’t used in two different transactions at once).
Cryptocurrency mining, then, is basically users volunteering their endpoints’ processing power to verify these blocks on behalf of the exchanges. All cryptocurrencies reward users with the fastest processing time with a small amount of the cryptocurrency in question. Since a single Bitcoin is currently valued at $8,841, this can be too enticing an offer for users to pass up.
However, as it turns out, cryptocurrency mining is a digital labor-intensive process. Malicious threat actors, therefore, look to pass the costs onto anyone else—including your enterprise. This is when innocent cryptocurrency mining becomes cryptojacking.
What Does Cryptojacking Cost?
Editor’s Note: We’ll be using Bitcoin as a unit of measurement for cryptojacking attack costs, as it is the most popular/well-known cryptocurrency on the market and the one with the most reliable statistics. These findings can and do apply to other cryptocurrencies as well.
There are, according to Motherboard, 300,000 Bitcoin transactions a day. At current market prices, hackers could turn a profit using 24 terawatt-hours of electricity annually. That comes to 215 kilowatt-hours for each individual Bitcoin transaction.
In a human context, the average American household consumes 901 kilowatts a month. So a single illicit Bitcoin transaction verification is the equivalent of a suburban home’s electricity bill for a week added onto your total enterprise’s electricity bill—and that is a conservative estimate.
Another conservative estimate is the average electricity bill for a suburban home bill totaling $183 per month or about $45 a week. Even if the cryptojacking attack only completes one transaction per week, that is an additional $2,196 on your enterprise’s yearly electricity bill. Furthermore, as Bitcoin scales up in value, it will require more electricity to mine, and therefore more attacks will follow.
That yearly bill doesn’t cover the physical damage that cryptojacking can wreck on your enterprises. There have been reports of illicit cryptojacking attacks overheating electrical substructures and destroying wires and transformers. The cost of hiring an electrician can run as high as $85 an hour, not to mention the several thousand dollars of hardware needed to replace any damaged electrical components. For the purposes of this exercise, let’s say you need a workweek of repairs and new electrical panel. Conservatively, this bill comes to $6,400.
So far, a cryptojacking attack can cost your business $8,596 conservatively. That isn’t even getting into costs that are harder to quantify.
Cryptojacking and Network Damage
In the paragraphs above, we said that cryptojacking attacks don’t typically attempt to disable enterprise network functions. However, that doesn’t mean they have no effect on your digital functionality: any program or code requiring that much physical power will undoubtedly drain your enterprise’s processing power as well. Internet and business processes slowdowns and even outright shutdowns aren’t uncommon as the result of cryptojacking attacks.
The costs of these network symptoms can depend on the size of your enterprise’s IT environment, the extent of the cryptojacking attack, the dwell time, and the time your network is slowed or stopped. Thus it can be hard to calculate accurately. However, these costs can include:
- Outside IT security expertise needed to find and remove the threat.
- Administrative costs in communications to investors, customers, and partners.
- Time and overtime of your IT team investigating the issue.
- Lost revenue due to your digital services being down.
- Long term reputational damage costing your business repeat customers.
- Any preventative endpoint security measures you enact to stop a repeat attack.
If the prospect of these cryptojacking costs concerns you (as it should) then it is time to start investigating endpoint security solutions for your enterprise. An ounce of prevention can save you a staggering amount of time, money, and stress. Now’s the time to get ahead of it.
Latest posts by Ben Canner (see all)
- SentinelOne Snags $200M in New Funding to Strengthen Endpoint Security - February 20, 2020
- 4 Key Capabilities of Healthcare Endpoint Security - February 19, 2020
- The Evolution of Enterprise Endpoint Attack Vectors - February 13, 2020