This Crypto Ransomware is Targeting Bitcoin (BTC) Mining Rigs in China

Bitcoin (BTC) miners in China are in a bind after a ransomware strain named ‘hAnt’ began targeting specific mining rigs such as Bitmain’s Antminer S9, T9 and L3. The ransomware has also found its way into Avalon rigs. The malicious code was first detected in August 2018. So far, its source has not been clearly identified. Some Chinese security experts suspect that hAnt comes hidden inside tainted versions of mining rig firmware that have been present online since last summer.

hAnt functions like any other ransomware by encrypting the files belonging to the infected miner. As a result, the rig halts mining operations, because the files remain inaccessible until the user complies with the demands of the code. When owners attempt to investigate the affected machines, they are presented with an image of an ant flanked by two pickaxes in green ASCII characters. The image is similar to the red skull screen displayed by the NotPetya ransomware.

When users click anywhere on the screen, a message in Mandarin and ‘imperfect’ English pops up. The English version of the message seen by BTC miners is as follows.

I am hAnt! I continue to attack your Antminer. As long as you spread the infected machine, my server verifies that there are 10 new IPs and the number of antminers reaches 1,000. I will stop attacking you! Otherwise I will turn off your antminer’s fan and overheat protection, which will cause you to burn your machine or will burn the house.

Click the ‘Diwnload firmware patch’ button to download the firmware patch with your specific ID. Just update it to your normal Antminer to get infected.

You can bring the machine that updated the patch to another computer room to complete the infection, or induce others to use the firmware patch in the network group.

Or support 10 BTCs, I will stop attacking.

Either Pay 10 BTC or Spread the Ransomware

In a nutshell, the ransomware gives two options: pay up or spread the code. Otherwise, it will turn off the Antminer’s fan, causing overheating and subsequent destruction of the machine.

Incidents of hAnt Spreading on Its Own

There have also been some incidents of the ransomware spreading on its own to mining equipment connected to the same network. An executive from BTC.com claimed that it infected 4,000 devices within minutes.

Current Solution

The only solution that has been effective so far is to re-flash the infected mining equipment’s SD card and install clean firmware. Users are also being advised to download firmware directly from the original manufacturer of the rigs and not from other download sites.

