New Ransomware Strain Attacking Bitcoin (BTC) Mining rigs in China

According to reports, a new strain of ransomware is threatening to overheat and ultimately destroy mining rigs unless the owners of affected rigs pay a ransom demand of 10 Bitcoin. This new ransomware strain has been targeting Bitcoin (BTC) mining rigs in China. As of press time, a number of infections by the ransomware strain have been reported in China. Remember that China is the location with the most cryptocurrency mining farms in the world.


New Ransomware Strain is Named hAnt

Named hAnt, the new strain of ransomware was first identified in August 2018, and a wave of new infections has reportedly been initiated against mining farms this month. As per the report, the majority of the affected mining rigs are Antminer S9 and T9 devices. In rare instances, Avalon Miner equipment was also reportedly infected by hAnt, though in smaller numbers.

How hAnt Infections are Initiated by Crooks

How the infections are initiated is still unclear. But cyber security experts in the Chinese region believe crooks typically infect a mining farm’s equipment by sending hAnt hidden inside tainted versions of rig firmware.

According to reports given by Chinese media, after hAnt has infected a mining rig, it locks the device and stops it from mining new cryptocurrency. When equipment owners connect to devices remotely (using a CLI) or manually (with LCD screens), the first thing they’ll observe is a splash screen displaying an ant along with two pickaxes in green ASCII characters, which bears a striking resemblance to the red skull displayed by NotPetya ransomware during a previous wave of attacks.

hAnt Threatens to Shut Down Mining Fan and Overheat Protection Feature if Victims Fail to Pay 10 Bitcoin Ransom

As per the report, if victims of the ransomware fail to pay the 10 Bitcoin ransom or infect 1,000 other devices, the affected mining rig’s fan will be turned off and its overheat protection will be compromised, which will ultimately lead to the destruction of the device. The ransom note is unique when compared to other ransom demands observed in desktop ransomware variants, since victims are given a choice.

To remove the ransomware from the mining rig, victims can pay a 10 Bitcoin ($36,000) ransom or download a malicious firmware update to further spread the hAnt ransomware.

There haven’t been any reports of destroyed equipment since the attack was launched by crooks. This suggests that it may be an empty threat, although security experts say hAnt could in theory abuse or compromise an overclocking feature in Antminer to overheat and destroy devices.

However, there have been reports that the new ransomware can spread on its own to other mining equipment linked to the same network, although this mechanism hasn’t been fully explained technically as of press time.

Apart from reports of financial losses caused by hAnt stopping mining operations, victims have reported losses from the time required to reflash the SD cards of infected mining equipment to remove hAnt and install clean, untainted firmware.

Reports like these will only make things worse for the cause of pushing for more adoption and normalization of Bitcoin (BTC) and other cryptocurrencies globally.

Brian Lubin is a Crypto News Reporter for Smartereum. He's well-known for his reports on the crypto markets.

