Most of the world’s cryptocurrency mining farms are located in China, and now the target is the bitcoin mining industry. There have been reports of malicious crimes and the spread of ransomware previously, but this time it is the location of the mining rigs that is being compromised, and it is one that holds a huge percentage of the Bitcoin blockchain’s hash power. The ransomware, called ‘hAnt’, has been detected previously, and it targets a variety of mining rigs, including Bitmain’s Antminer S9, T9 and L3 and Avalon equipment. Although its origin and propagation are still unclear, it surely seems to be affecting the economy, as the mining industry has weakened and so have bitcoin prices.
Similar to the ransomware that recently affected Atlanta, Georgia, ‘hAnt’ encrypts the miner’s file, making it useless and unrecoverable until a crypto sum has been paid in exchange for decryption keys. The only difference here is that when the victim connects to the affected rig, they are presented with a cryptic interface that shows the ransom prompt in Mandarin and partly in English. The message is as follows: “I am hAnt! I continue to attack your Antminer. As long as you spread the infected machine, my server verifies that there are 10 new IPs and the number of antminers reaches 1,000. I will stop attacking you! Otherwise I will turn off your antminer’s fan and overheat protection, which will cause you to burn your machine or will burn the house.”
Decryption tools are only provided once the exchange of BTC is made. In addition, there is the threat of the ransomware spreading to other servers when the mining rigs are required to download firmware updates. For the hackers, this is a great way of gathering more revenue: knowing that a miner wouldn’t be able to pay everything upfront, they resort to spreading the virus to the rest of the servers in a bid to cash in from other miners.
In the event that a miner is unable to pay, they are presented with further threats of damage to their physical equipment. This would come as overheating, potentially ruining the victim’s business by leaving no equipment to use. These malicious viruses seem to be spreading rapidly, with improved versions coming from the criminals, and it is suggested that users be careful, download firmware only from their original equipment manufacturers, and be educated on cybersecurity so as to prevent any risk to their businesses and the economy.