Ransomware threatens to overheat and destroy
mining rigs if victims don't infect 1,000 other
devices or don't pay a 10 Bitcoin ransom.
A new strain of ransomware has been observed targeting Bitcoin
mining rigs. At the time of writing, most of the infections have been
reported in China, the country where most of the world's
cryptocurrency mining farms are located.
Named hAnt, this new ransomware strain was first seen in August of last year, but a new wave of infections has been reported hitting mining farms earlier this month.
Most of the infected mining rigs are Antminer S9 and T9 devices, used for Bitcoin mining, but there have also been reports of hAnt infecting Antminer L3 rigs, used for mining Litecoin. In rare instances, Avalon Miner equipment (used for Bitcoin), were also reported as infected,
but in much smaller numbers.
It is unclear how crooks first infect a mining farm's data center or
equipment, but some Chinese security experts suggest that hAnt
comes hidden inside tainted versions of mining rig firmware that
has been making the rounds online since last summer.
According to reports in Chinese media, once hAnt infects a mining
rig, it immediately locks the device and prevents it from mining
any new currency.
When equipment owners connect to devices remotely (via a CLI) or
manually (using LCD screens) the first thing they see is a splash
screen depicting an ant and two pickaxes in green ASCII
characters, similar to the red skull splash screen displayed by the
NotPetya ransomware.
https://www.zdnet.com/