Cybersecurity experts call it “cryptojacking” — hijacking computers to produce digital currency.

Share story

WASHINGTON — When unauthorized software found its way onto the network of a small Tennessee hospital, the culprits didn’t ask for ransom. They didn’t steal records. What they did was silently harness computing power for a moneymaking task.

The task was to “mine” digital currency, and the culprits did it by yoking together a quiet army of infected computers to generate a stream of money.

Cybersecurity experts call it “cryptojacking” — hijacking computers to produce digital currency, like bitcoin, Litecoin and Monero that have been in the news.

Infected networks or computers perform double duty, conducting normal functions (perhaps a bit more slowly) while also obeying remote commands to do calculations that generate digital currency for the criminals, or wrongdoers, who may be company insiders.

Up to 24,000 patients of the Decatur County General Hospital in Parsons, Tennessee, were notified in a Jan. 24 letter from the hospital that a server had been compromised, the HIPAA Journal reported Thursday. “The unauthorized software was installed to generate digital currency, more commonly known as ‘cryptocurrency,’  ” the hospital told patients, adding that it had no indication that intruders sought patient data like Social Security numbers or clinical and insurance information.

Israel-based Radiflow, reported last week that a large European wastewater site had five servers infected by “cryptojacking” malware.

“Unfortunately, it’s spreading quite widely,” Radiflow CEO Ilan Barda said of the infection. “There are reports now of Android devices being infected and reports of home devices and enterprise devices (being infected).”

The earnings from an infected computer might seem marginal. Cisco Talos, a threat- intelligence firm, calculated that an average computer might earn only the equivalent of 25 cents a day. But experts say it’s a volume business.

If 2,000 computers are harnessed together in an unseen network, it “could generate $500 per day or $182,500 per year,” the company said in a posting. “Talos has observed botnets consisting of millions of infected systems, which using our previous logic means that these systems could be leveraged to generate more than $100 million per year theoretically.”

Palo Alto Networks estimated in a posting last month that at least 15 million computers had been conscripted into crypto-mining operations worldwide, most heavily in Asia.

In the networks used by cryptocurrencies, miners solve mathematical puzzles as a way to confirm transactions. They obtain new cryptocurrency as a reward. Specialized processor farms have been set up in some countries to mine bitcoin, but other digital currencies can still be mined on small computers, or even handheld phones.

Infected computers and networks can slow down as their processors are forced into great activity. Hackers are not necessarily looking for powerful computers, experts said.

“You make it up in numbers,” said Richard Ford, chief scientist at Forcepoint, a Virginia cybersecurity firm. “You don’t need the fastest computer.”