Home Mining This Crypto Ransomware is Targeting Bitcoin (BTC) Mining Rigs in China

This Crypto Ransomware is Targeting Bitcoin (BTC) Mining Rigs in China

Bitcoin (BTC) miners in China are in a bind after a ransomware by the name of ‘hAnt’ has been targeting specific mining rigs such as the Bitmain’s Antminer S9, T9 and L3. The ransomware has also found its way into Avalon rigs. The malicious code was first detected in August 2018. Up until now there is no clear source of origin. Some Chinese security experts suspect that hAnt comes hidden inside tainted versions of mining rig firmware that has been present online since last Summer.

hAnt functions like any other ransomware by encrypting the files belonging to the infected miner. This results in the rig halting mining operations for the files are inaccessible till the user abides by the demands of the code. When owners of the rig attempt to investigate the affected machines, the are presented by an image of an ant flanked by two pickaxes in green ASCII characters. The image is similar to the red skull screen displayed by the NotPetya ransomware.

When users click anywhere on the screen, a message in Mandarin and ‘imperfect’ English pops up. The English version of the message seen by BTC miners is as follows.

I am hAnt! I continue to attack your Antminer. As long as you spread the infected machine, my server verifies that there are 10 new IPs and the number of antminers reaches 1,000. I will stop attacking you! Otherwise I will turn off your antminer’s fan and overheat protection, which will cause you to burn your machine or will burn the house.

Click the ‘Diwnload firmware patch’ button to download the firmware patch with your specific ID. Just update it to your normal Antminer to get infected.

You can bring the machine that updated the patch to another computer room to complete the infection, or induce others to use the firmware patch in the network group.

Or support 10 BTCs, I will stop attacking.

Either Pay 10 BTC or Spread the Ransomware

In a nutshell, the ransomware gives two options: pay up or spread the code. Otherwise, it will turn off the antminer’s fan causing overheating and subsequent destruction of the machine.

Incidents of hAnt Spreading on Its Own

There has also been some incidents of the ransomware spreading on its own to mining equipment connected to the same network. An executive from BTC.com claimed that it infected 4,000 devices within minutes.

Current Solution

The only solution that has been effective so far is to re-flash the infected mining equipment’s SD card and install clean firmware. Users are also being advised to download firmware directly from the original manufacturer of the rigs and not other download sites.


Please enter your comment!
Please enter your name here

Must Read

Staking: these are the 5 preferred cryptos for passive profits

Staking has been called in various ways, some accurate, others not so much. This has also happened with PoS,...

United Kingdom forces to block cryptocurrency advertising

The advertisements of the company Luno will be withdrawn from the United Kingdom after the resolution that obliges them to do so...

Cryptocurrencies find some relief after their crash

Cryptocurrencies find some support for a bounce after one of the toughest weeks for investors. Although last Thursday we...

China Strikes Cryptocurrencies Again, Bitcoin Slumps Again

The highest level of government in China has proposed new measures to regulate mining in the country. The proposal has been received...

Bitcoin on the Playstation? Sony’s patent finally accepted

On May 17, 2021, the publication of a patent by Sony Interactive Entertainment mentioning Bitcoin was greeted with great fanfare by the...