How To Make Money Through Hacking

Never forget the classic

You may remember ransomware from its sell-out 2017 tour (you might recall its smash hit, WannaCry, which crippled the NHS), and it's not gone away. Research from Sophos shows that from 2017 to 2020, ransomware campaigns have only dropped 3%, and 51% of companies are still hit by ransomware. This makes it an effective way for hackers to make money. We spoke of this iconic cyber villain in our 2019 annual cyber security report, and highlighted its continuing prevalence in our 2020 report too. Theoretically, it's the simplest way to monetise a hack. Through sophisticated phishing tactics or simply by dropping malware once access has been gained to a network, hackers can begin encrypting crucial files and charge a hefty sum (usually in Bitcoin) to unencrypt them.

If that wasn't bad enough, a lot of companies found that when they paid the ransom (something you should never do) they didn't actually get their files back. You can't trust hackers these days. Worryingly, ransomware is evolving. Some strains deliberately slow the rate of encryption and spread in order to keep under alerting thresholds and therefore stay undetected for longer. Some have even showed devious tactics like directly encrypting the hard drive's Master Boot Record, meaning there's no need to waste all that time going from file to file.

Bitcoin on a chessboard

Some hackers use Bitcoin to monetise their ransomware attacks

WannaCry alone is known to have earned hackers at least £108,000 in Bitcoin. This is a tidy sum, but the cost to businesses is of course much higher than this, as they must suffer loss of sales and cost of recovery. £100k is a good haul, so hackers are unlikely to let it go.

Have you considered a career in security?

Penetration testers use real-life hacker tools and techniques to legitimately test the security of an organisation's apps and infrastructure.

Bulletproof are always on the lookout for talented individuals, so if you're a seasoned pen tester or just looking to start out, you'll find a role on our careers page.

Learn More

Monero coin sitting on a CPU

And once you've been mining long enough, a coin grows inside your computer. That's how it works.

Hi-ho hi-ho, let's mine some Monero

As we pointed out in the Bulletproof annual cyber report 2019, cryptojacking became more prominent on the cyber landscape over 2017's ransomware trend. For reasons I still don't understand, Bitcoin became a thing, setting a precedent that lead to a rise in digital 'currencies'. The majority of these are obtained by using CPU or more recently GPU power to 'mine' for it. As said, Bitcoin is the most popular currency, but is becoming increasingly harder, and therefore less profitable, to mine. Monero seems to be the currency of choice for most hackers.

When mining for Monero (XMR), you are in fact part of a wider mining pool which uses your resources to maintain a public ledger which records transactions. For every transaction recorded you are rewarded with a small amount of XMR. If all of this sounds like nonsense, well, it's because it is, but that's the world we live in now.

The value of cryptocurrencies can fluctuate wildly, and the profitability of mining them is affected considerably by how much it costs to run the mining rig. A single computer won't help much in the grand scheme of things, so naturally, to make any real money out of mining Monero, people will need a lot of CPU. A lot of CPU will inevitably rack up quite the electricity bill. So, instead of home mining rigs, hackers have worked out that it's more cost effective to use other people's CPU to mine for them.

This approach has led to a cryptojacking epidemic. Racks of servers are obviously juicy targets, so businesses have been hit relentlessly by the trend. Monero is different in the sense that the algorithm used to mine it can be injected into the code of a website or browser, meaning that anyone who happens to visit the affected website will unwittingly provide their CPU to a mining pool. The current value (at time of writing) of XMR sits at $64. Obviously, it takes a long time – or a lot of CPU – to generate 1 XMR, but several hacking groups have found ways to earn thousands from these campaigns.

A man mining cryptocurrency