New Malware Attacks Hold ASIC Miners to Ransom


According to reports from cybersecurity researchers, a new ransomware virus is on the loose, targeting bitcoin miners. A file-locking program called H-Ant has allegedly infected certain Antminer models in China, and if the ransom is not paid, the software aims to destroy the infected machine.


New Ransomware Called H-Ant Attacks Mining Rig Operators in China

Ransomware creators have found a new target in bitcoin mining operations. Unlike most traditional ransom attacks, where victims have to obtain coins in order to pay the ransom, victims of the H-Ant ransomware have cryptocurrencies on hand to pay the attackers. The H-Ant ransomware, which specifically targets certain Antminer brand rigs, was first discovered by cybersecurity experts back in August 2018, but the malware did not become prevalent until this month. H-Ant can attack the Antminer S9 and T9 models, and possibly even Antminer L3 litecoin miners. There have also been limited reports of infected Canaan brand Avalon miners, explained the regional media outlet Yibenchain.

According to reports, H-Ant attacks the S9, T9, and possibly L3 litecoin miners. The virus has also infected Canaan brand Avalon miners.

The report also detailed that once a mining rig is infected with the H-Ant virus, the device will seize up and stop mining cryptocurrencies. Then, if the owner hooks the device to an LCD screen, a matrix-like splash screen will appear and reveal the H-Ant ransom note written in both English and Chinese.

“I am H-Ant,” the English version of the ransom note explains. “I will continue to attack your Antminer and as long as you spread the infected machine, my server verifies that there are 10 new IPs and the number of Antminers reaches 1,000 — I will then stop attacking you. I can also turn off your Antminer’s fan and overheat protection, which will cause you to burn your machine or can burn down the house.”

The ransom note continues by giving the H-Ant victim an odd choice to make:

Click the ‘download firmware patch’ button to download the firmware patch with your specific ID and just update it to your normal Antminer firmware to get infected. You can bring the machine that updated the patch to another computer room to complete the infection, or induce others to use the firmware patch in the network group — Or pay 10 BTC and I will stop attacking.

The initial H-Ant screen splash.

Custom Overclocking Firmware Might Be the Root Cause of the H-Ant Ransomware

Yibenchain detailed in its report that a miner using a pseudonym told the publication on Jan. 5 that his mining software management interface displayed the H-Ant splash screen. He then clicked the screen, which displayed the ransom note asking for 10 BTC ($35K at press time). Moreover, mining pool Btc.top founder Jiang Zhuo’er told the Chinese news publication 8btc that miners have been monitoring the virus for a while now. The infection is a Linux-based virus that can find its way into a mining rig’s firmware files quite easily.

The H-Ant ransom note in Chinese and English.

Jiang has detailed that the virus may have originated with an anonymous creator of overclocking firmware. Mining pools often “overclock” their machines in order to increase the device’s overall hashrate. For example, with custom overclocking firmware, an Antminer S9 that processes at 13.5 terahash per second (TH/s) could produce up to 18 TH/s. Overclocking is not encouraged by mining rig manufacturers, but mining pools often download custom firmware that allows this behavior, and the H-Ant virus likely arose from this trend. Jiang also told 8btc that the hacker may not be Chinese and “to some extent controls the onset of the virus.” The Btc.top founder believes that H-Ant may have been spread through a popular cloud service provided by Baidu.

“It suggests two possibilities – the hacker is deliberately targeting China where bitcoin mines are concentrated; second, Chinese miners inadvertently helped spread the virus before they realized the overclocked firmware was infected,” Jiang emphasized during his interview.


When asked if the H-Ant attack could affect large portions of the pools mining popular SHA-256 networks, the mining pool executive didn’t seem too worried, stating:

It’s hard to see that happening. The hash power of the bitcoin network is still highly decentralized with numerous mines; it’s quite difficult for hackers to just figure out the network location of these mines.

H-Ant allegedly also infected a Chinese miner’s facility in a matter of minutes, holding 4,000 of his devices hostage. However, even though the virus does stop a machine from operating, it can be fixed. Reports detail that the victim needs time to reflash the mining rig’s SD card and install a clean version of the firmware. Of course, while the machine is being updated, the miner still loses money due to inactivity.
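Since the article traces the infection to custom overclocking firmware from an anonymous source and names reflashing with clean firmware as the fix, the following added example (not from the article, Yibenchain, or any miner vendor) sketches a pre-flash gate that refuses any image whose SHA-256 is not pinned for that miner model. The manifest layout, file names, and release labels are hypothetical, and the pinned digests are assumed to come from a channel the operator already trusts.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the image so large firmware files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_image(path, model, manifest):
    """Return (ok, reason). Allowlist: anything not pinned for this model is refused."""
    approved = manifest.get(model)
    if not approved:
        return False, f"no approved firmware pinned for model {model!r}"
    path = Path(path)
    if not path.is_file():
        return False, f"{path.name}: image not found"
    actual = sha256_file(path)
    for release, expected in approved.items():
        if hmac.compare_digest(actual, expected.lower()):
            return True, f"{path.name}: matches pinned release {release}"
    return False, f"{path.name}: sha256 {actual} is not pinned for {model}"

def demo():
    # Constructed sample data: file names, contents and release labels are
    # placeholders, not real Antminer firmware or vendor checksums.
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "s9-stock.tar.gz")
        clean.write_bytes(b"constructed stock firmware image")
        modified = Path(tmp, "s9-overclock.tar.gz")
        modified.write_bytes(b"constructed stock firmware image" + b"+extra payload")
        # Hypothetical manifest layout: model -> {release label: sha256 hex}.
        manifest = {"S9": {"stock-release-A": sha256_file(clean)}}
        return [
            check_image(clean, "S9", manifest)[0],      # pinned image
            check_image(modified, "S9", manifest)[0],   # unpinned custom build
            check_image(clean, "T9", manifest)[0],      # no pin for this model
            check_image(Path(tmp, "missing.tar.gz"), "S9", manifest)[0],
        ]

if __name__ == "__main__":
    print(demo())
```

Run the gate on the workstation that prepares the SD card, so an image shared through a chat group or file-sharing service is rejected before it reaches a rig.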



Image credits: Shutterstock and Yibenchain.

