Real Exali Damage Event: Cyber Criminals Turn Consulting Firm into Bitcoin Mine!

Digital currencies have been popular even before Elon Musk started hyping them. While not everyone understands how Bitcoin, Dodgecoin and so on work, most of us have heard of them before. Bitcoin mining, the production of bitcoins so to speak, is also a term most people are familiar with by now. Hopefully your business has never become the centre of a Bitcoin mining operation without your knowledge. But it did happen to the consulting firm in this real exali damage event...

Cryptocurrency: Cash for the Internet

Cryptocurrencies are a hype that doesn’t seem to be stopping. Bitcoin, Litecoin, Ethereum, Stellar, Dodgecoin: All of these terms refer to digital means of payment, or “cryptocurrencies”. They are also a payment network that is operated only by the users themselves and without a central authority (such as banks or authorities) or intermediaries. From the users' point of view, Bitcoin is the cash for the internet, so to speak.

What is Bitcoin Mining?

Bitcoin mining is the process of earning bitcoins by providing computing power - one could call it "digital gold mining". The computing power is required to process Bitcoin transactions, secure data and synchronise the users in the network. Bitcoin mining is thus a kind of Bitcoin data centre operated by "miners" worldwide.

Hackers Use Computing Power for Illegal Bitcoin Mining

The scene of this real damage event is a company that actually specialises in management consulting and has absolutely nothing to do with Bitcoin mining. Our at least it didn’t, until the wee hours of one fateful day when hackers got into the company’s system. At this early stage there were no employees in the office.

The cyber criminals cracked the administrators’ access code, hacked into the company’s computer system and installed a Bitcoin miner on the server. So the entire computing power of the server was used to mine Bitcoin.

Locked Out of their Own System by Cyber Criminals 

The attack only came to light a day later, when employees from the accounting department of the consulting firm tried to download documents from the banking software. Suddenly they no longer had access to the system and the task manager couldn’t be started either. The system was completely paralysed. The company hired an IT specialist to find out what the problem was. Fortunately, he immediately recognised what had happened, shut down the system and removed the virus.

Nevertheless, the company was only able to work to a very limited extent for several days. It wasn’t just the employees in the accounting department who didn’t have access to the system, the consultants were locked out too, which of course led to delays in processing customer orders and appraisals. 

The full extent of the attack and the amount of damage is still unclear. The insurer has already confirmed that it will assume the costs for the damage. This at least means the company won’t be left to cover the costs themselves and can now use their computers for their actual business, advising their customers.

Illegal Crypto Mining: New Scam from Cyber Criminals

Everyone is at risk of cyber criminals using their computers as a production facility for Bitcoin or other cryptocurrencies. That’s because this new source of income is very popular with hackers. The hackers don't have to put in a lot of effort to do this either. They hack into private or company computers and install a program in the background that hijacks the computer’s computing power and uses it for mining.

Users usually don’t notice the attack because the perpetrators often do not even have to block the computer completely. Some people only realise that something is wrong with the IT when their electricity bill goes up, since Bitcoin mining requires a lot of computing power and associated energy. One particularly problematic thing is that some hackers use security holes in the operating system to gain access to the servers.

Modern Protection against New Risks

The consulting company in this case was fortunately aware of the risk of a hacker attack in advance and chose exali Professional Indemnity Insurance with the modern “First-Party Cyber and Data Risks Insurance (FPC)”add-on. This add-on means consultants are optimally protected beyond their basic Professional Indemnity Insurance if their own computer systems are damaged by hacker attacks, DDoS attacks or data theft. The insurance company will then cover the costs of restoring the systems (for example, for computer forensics specialists or specialised lawyers).

Since the risk of a cyberattack – whether its Bitcoin mining, ransomware or a virus – exists for every business, the “First-Party Cyber and Data Risks Insurance (FPC)” add-on is available for every industry.

Calculate your premium:

Professional Indemnity for Digital Professions