A Chinese headmaster was found to be performing cryptocurrency mining secretly using the school’s electricity supply and was fired later.
According to reports, the teachers were complaining about the excessive power consumption in the building to which Hunan man Lei Hua had dismissed the reports to be the fault of air conditioning units and heaters.
But it was found later that eight cryptocurrency mining machines were hooked up to the power supply. The electricity bill ran up to 14,700 yuan (£1600) mining Ethereum 24 hours a day.
At first Hua spent 10,000 yuan on one mining machine and on seeing the excessive electricity costs due to this machine, he decided to minimize his overheads by moving the operation to the school in summer 2017. This resulted in not only having a high electricity bill for the school but also overloaded the network, interfering with teaching. Hua was fired last month, and his deputy, who tried to get in on the scheme by buying and plugging his own machine into the school computer room, was given an official warning.
This case clearly shows the impact of cryptocurrency mining on organizations. A Canadian university was forced to shut down its entire IT network recently after discovering the malware on its systems.
The cryptojacking attacks are on the rise. McAfee revealed that coin mining malware detections rose 629% in the first quarter to more than 2.9 million samples, while Trend Micro revealed a huge 956% increase between the first half of 2017 and the same period this year.
Just like in this school there may be many cryptomining operations running in your organization’s network also without anyone’s knowledge and so the IT team has to be cautious. One of the best methods is to find out any abnormality in your electricity bill. Also measure the changes in your HVAC usage for heat dissipation even though this is a difficult task. Finally, also look for sudden changes in capacity or usage, as well as significant deviations in pattern and velocity. It is also worth noting that “entity analytics” tools can be used to help find the irregular network behavior indicative of a cryptomining attack.