The cryptoverse has been the target of a handful breaches and malwares in the past couple of months. Now there seems to be a new target on the block and that is the Bitcoin (BTC) mining industry.
There has been news that China’s expansive Bitcoin mining industry is the target of a new ransomware, which is threatening particularly for the economy of Sichuan river basin, where most of the mining farms are located. Actually it houses a significantly huge percentage of the Bitcoin blockchain’s hashpower.
The ransomware, called “hAnt”, was first detected back in the August of 2018. And according to observations, it targets a broad variety of mining rigs including, Bitmain‘s Antminer S9, T9 and L3 and Avalon equipment.
Despite its early detection, the initial method of its introduction still remains unclear. All that is known about hAnt is that its method of propagation is a matter of great concern for the Bitcoin mining industry, which is already fragile at the moment, battered by weak Bitcoin prices. Not to forget the impending threat of a change in the government policy on economical hydroelectric power.
Similar to other conventional ransomware, hAnt is responsible for encrypting a miner’s file and rendering it useless. Which is as bad as a death sentence considering the fact that the profitability of the mining operation is dependent on constant uptime. After this step, however, nothing about hAnt remains conventional.
In a typically conventional case, the ransomware demands for a certain amount of cryptos in exchange for revealing the decryption instructions. hAnt, however, uses a rather evil tactic. It literally forces the victims to choose their own poison, very much like Bandersnatch of Netflix’s Black Mirror.
The moment the victim connects to the affected rig in order to figure out the problem, they end up being presented by the following, cryptic and rather ominous interface.
One click on this ant, and the ransom prompt is brought up, if that wasn’t creepy enough; the prompt appears in Mandarin and partly in awkward English. The prompt presents the user with a choice between paying up 10 BTC in exchange for decryption instructions.
It further carries the added threat infecting other mining rigs with a downloadable firmware update, which further propagates the spread of the ransomware.
It is a pretty smart way for the criminals to create a revenue stream, knowing full well that not ever miner can afford to pay up, they will be forced to go for the second option. Even in that case the criminals will get a wider selection of miners who may be willing to pay the ransom. It is a “win win” situation for them.
In the event that the victim refuses to pay the ransom or spread the program, the note threatens to ruin the victim’s business by turning off the mining rig’s fan, which will lead to overheating and physical destruction of the delicate equipment. However there have been no confirmed reports of damaged equipment. Which could mean that the threats may very well be empty.
For further updates stay tuned to BlockPublisher.
