The cryptominer botnet attacked over half a million Windows servers and computers so far...but that number is growing.
The good news is that Avast users are protected against cryptomining, which includes the current threat terrorizing the world’s Windows servers and computers. The Smominru botnet has torn through hundreds of thousands of servers and computers alike, hijacking their CPU power to mine the cryptocurrency Monero. ZDNet reports that the Smominru botnet mines 24 Monero ($8,500) a day, with a net total to date of 8,900 Monero ($2.8M - $3.6M).
Which brings us to the bad news — this botnet is still at large. Its strategically targets Windows machines and servers, the latter of which gives it more power and the added benefit that servers never shut down. Smominru reproduces itself at an incredible rate and continues to regenerate. Its tactic is to exploit EternalBlue, the same vulnerability used to fuel the WannaCry attacks last year and spread in a worm-like manner.
Smominru attack learnings
As cybersecurity experts continue to learn more about this botnet, we can share what we know. Over the last two weeks, the Smominru miner attacks came in waves, hitting a peak of 30,000 attacks in a single day. There seems to be a pattern of regeneration and spreading.
The hardest-hit countries, Russia, Ukraine, Taiwan, and Brazil, all experienced the most attacks and the most users targeted. This is likely not an instance of geo-targeting, but a simple case of finding Windows servers with the EternalBlue vulnerability. Machines in many countries around the world have been targeted.
What can you do?