Definition:Cryptojacking

💻 Cryptojacking is a form of cyber attack in which an unauthorized party hijacks computing resources — servers, endpoints, cloud instances, or even IoT devices — to mine cryptocurrency without the knowledge or consent of the device owner. In the insurance context, cryptojacking sits within the broader category of cyber risks that underwriters must evaluate when pricing cyber insurance policies, and it presents a distinctive challenge because it often operates covertly, causing financial harm through elevated electricity costs, degraded system performance, and accelerated hardware wear rather than through the dramatic data exfiltration or ransomware encryption events that typically trigger claims notification.

🔧 Attackers deploy cryptojacking malware through multiple vectors: phishing emails containing malicious scripts, compromised websites that execute browser-based mining code, and exploitation of vulnerabilities in cloud infrastructure or container environments. Once active, the mining code runs in the background, consuming CPU and GPU cycles to solve cryptographic puzzles that generate cryptocurrency — typically privacy-focused coins like Monero — deposited into the attacker's wallet. For businesses, the most immediate impact is a spike in computing costs, particularly for organizations running workloads on metered cloud platforms where resource consumption translates directly to billing. Detection can be delayed for weeks or months because the malware does not typically encrypt files or steal data, meaning it may not trip the same alarms that a ransomware incident would.
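One way to surface the quiet, sustained load described above is to compare each host's recent CPU readings against its own baseline. The following is an added example, not part of the original entry; the host names, sample readings and threshold parameters are constructed assumptions.

```python
from statistics import median

# Constructed hourly CPU-utilisation samples (%); host names are made up.
# First 12 readings are each host's baseline, the last 8 the period under review.
FLEET = {
    "web-01":   [12, 18, 22, 15, 30, 25, 14, 19, 21, 17, 28, 16,
                 20, 85, 88, 24, 18, 22, 19, 26],   # short burst, e.g. a batch job
    "build-07": [15, 20, 18, 25, 22, 17, 19, 21, 16, 23, 20, 18,
                 96, 97, 95, 98, 94, 97, 96, 95],   # sustained plateau
    "db-02":    [72, 75, 78, 74, 76, 73, 77, 75, 74, 76, 75, 73,
                 74, 77, 76, 75, 73, 78, 76, 74],   # always busy, unchanged
}

def assess(samples, baseline_len=12, k=6.0, floor=5.0, min_fraction=0.9):
    """Compare the review window against the host's own baseline.

    Threshold = baseline median + k * MAD (robust to a few outliers).
    A host is flagged only if nearly every recent sample exceeds it,
    which separates a constant mining load from ordinary bursts.
    """
    baseline, recent = samples[:baseline_len], samples[baseline_len:]
    if len(baseline) < 8 or not recent:
        raise ValueError("need >= 8 baseline samples and a non-empty review window")
    med = median(baseline)
    mad = median(abs(v - med) for v in baseline)
    spread = max(mad, floor)                 # floor: idle hosts have near-zero MAD
    threshold = min(med + k * spread, 95.0)  # cap so already-busy hosts can still alert
    fraction = sum(v >= threshold for v in recent) / len(recent)
    return {"threshold": threshold, "fraction_above": fraction,
            "flagged": fraction >= min_fraction}

def triage(fleet):
    """Return the hosts whose review window shows sustained elevation."""
    return sorted(h for h, s in fleet.items() if assess(s)["flagged"])

if __name__ == "__main__":
    for host, samples in FLEET.items():
        print(host, assess(samples))
    print("investigate:", triage(FLEET))
```

A flagged host is a lead for investigation rather than proof of mining, since a legitimate long-running workload produces the same CPU profile.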

🔎 From an insurer's perspective, cryptojacking complicates cyber risk quantification because the losses are often diffuse — higher utility bills, reduced system availability, possible breach of cloud service agreements — rather than concentrated in a single dramatic event. Whether a cryptojacking incident triggers coverage under a cyber policy depends on the specific wording: some forms require unauthorized access or a security failure, which cryptojacking may satisfy, while others focus narrowly on data breach or business interruption triggers that cryptojacking may not clearly meet. As a result, underwriters and claims adjusters must pay careful attention to policy language, and brokers should proactively discuss this exposure with clients — especially those with significant cloud infrastructure or large fleets of networked devices.

Related concepts: