Posted on 2019/01/04 (Friday)
One month after the release of the Acronis True Image 2019 Cyber Protection update, we already have some interesting findings and results to share from the update to our Acronis Active Protection defensive technology. One of the major features added as part of the Cyber Protection update was the ability to detect and stop potential cryptomining malware on Windows systems, safeguarding the resources, performance and, in the long run, the hardware of Acronis True Image users' machines.
Our detection of possible cryptojacking (unauthorized cryptomining) works the same way as our anti-ransomware protection: Acronis Active Protection detects a suspicious process, notifies the user, and offers a choice to either block the process or whitelist it so it can keep running.
While we did not expect to see a lot of detections during the initial rollout, the telemetry data collected so far – surprisingly – shows the opposite.
More Detections Than Expected
The first month resulted in tens of thousands of detections from all over the world. Among the well-known standard miners detected were xmr-stak-cpu.exe, Claymore CryptoNote CPU Miner, rhminer, and the xmrig Monero miner. Along with those known miner binaries, several new malware samples were detected, as were legitimate processes that were acting as mining hosts.
Typically, when anti-virus solutions detect cryptominers it is hard to tell whether the process was intentional mining or illicit, because the AV solution responds to each incident automatically. With Acronis Active Protection, the user has to act on each detection, so we can tell whether an incident was an attack or an approved process: a detection counts as illicit when the user stopped the process and did not whitelist it afterwards. Armed with this telemetry data, we found that more than 60 percent of the mining detected in the first month was illicit by that measure. Note that this is a proxy based on user decisions rather than a confirmed malware verdict for each sample.
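The prompt flow described above and the rule used to classify telemetry (blocked, and not whitelisted later, means illicit) can be made concrete in a few lines. The following Python is an added example written for this page, not Acronis code; the device identifiers, process names, timestamps and user choices are constructed sample data, and the per-machine whitelist is an assumed simplification of how the product persists the user's decision.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    BLOCK = "block"          # user stopped the flagged process
    WHITELIST = "whitelist"  # user approved it as intentional mining


@dataclass(frozen=True)
class Detection:
    device_id: str   # hypothetical per-installation identifier (constructed)
    process: str     # executable that was flagged as a miner
    ts: int          # event time in seconds (constructed values)
    action: Action   # what the user chose in the prompt


# Constructed sample telemetry, not real Acronis data.
SAMPLE = [
    Detection("dev-1", "xmrig.exe", 100, Action.BLOCK),
    Detection("dev-1", "xmrig.exe", 200, Action.WHITELIST),   # blocked, then approved
    Detection("dev-2", "svchost.exe", 150, Action.BLOCK),     # signed host process, never approved
    Detection("dev-3", "rhminer.exe", 300, Action.WHITELIST), # approved on first prompt
    Detection("dev-4", "claymore.exe", 420, Action.BLOCK),    # blocked twice, out of order
    Detection("dev-4", "claymore.exe", 400, Action.BLOCK),
    Detection("dev-5", "xmr-stak-cpu.exe", 500, Action.BLOCK),
]


def incident_key(d: Detection) -> tuple:
    """One incident is one flagged process on one device; repeat prompts
    for the same process on the same machine belong to the same incident."""
    return (d.device_id, d.process)


def triage(events: list) -> dict:
    """Apply the article's rule per incident: illicit when the user blocked
    the process and never whitelisted it afterwards, i.e. the latest
    decision is BLOCK. Returns {incident_key: 'illicit' | 'approved'}."""
    by_key = defaultdict(list)
    for d in events:
        by_key[incident_key(d)].append(d)
    verdicts = {}
    for key, ds in by_key.items():
        last = max(ds, key=lambda d: d.ts)  # sort by time, not arrival order
        verdicts[key] = "illicit" if last.action is Action.BLOCK else "approved"
    return verdicts


def illicit_share(events: list) -> float:
    """Fraction of incidents classified as illicit (0.0 for empty input)."""
    verdicts = triage(events)
    if not verdicts:
        return 0.0
    return sum(v == "illicit" for v in verdicts.values()) / len(verdicts)


def decide(process: str, whitelist: set, user_choice: Action) -> str:
    """Model the prompt flow on one machine: a whitelisted process runs
    without a prompt; otherwise the user's choice either blocks it or adds
    it to the whitelist so later runs are allowed silently."""
    if process in whitelist:
        return "allowed"
    if user_choice is Action.WHITELIST:
        whitelist.add(process)
        return "whitelisted"
    return "blocked"


if __name__ == "__main__":
    for key, verdict in sorted(triage(SAMPLE).items()):
        print(f"{key[0]:6} {key[1]:18} {verdict}")
    print(f"illicit share: {illicit_share(SAMPLE):.0%}")
```

With the constructed sample, three of five incidents end in a block with no later whitelist, so `illicit_share` reports 60%. Because the verdict follows the user's last decision, a user who blocks a miner once and whitelists it on the next prompt is counted as approved, which is exactly the ambiguity the article says automatic AV responses cannot resolve.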
Examining the blocked samples shows that many of today's malicious miners are injected into legitimate, signed processes and use them as a mining host to avoid detection. What is most alarming is that this approach is actually working: a lot of anti-malware solutions out there do not detect these miners.
We will continue to research the topic, but in the meantime we recommend that users check whether their AV solution is able to detect this kind of threat. To be on the safe side, install Acronis True Image 2019 Cyber Protection as an additional layer of protection. Not only will it take care of your data's safety, but it will also help preserve your system resources and hardware in the long run.