
This Crypto Ransomware is Targeting Bitcoin (BTC) Mining Rigs in China

Bitcoin (BTC) miners in China are in a bind: ransomware named ‘hAnt’ has been targeting specific mining rigs such as Bitmain’s Antminer S9, T9 and L3. The ransomware has also found its way onto Avalon rigs. The malicious code was first detected in August 2018. So far its origin remains unclear. Some Chinese security experts suspect that hAnt comes hidden inside tainted versions of mining rig firmware that have been available online since last summer.

hAnt functions like any other ransomware by encrypting the files belonging to the infected miner. The rig halts mining operations because the files are inaccessible until the user complies with the ransomware’s demands. When owners attempt to investigate the affected machines, they are presented with an image of an ant flanked by two pickaxes in green ASCII characters. The image is similar to the red skull screen displayed by the NotPetya ransomware.

When users click anywhere on the screen, a message in Mandarin and ‘imperfect’ English pops up. The English version of the message seen by BTC miners is as follows.

I am hAnt! I continue to attack your Antminer. As long as you spread the infected machine, my server verifies that there are 10 new IPs and the number of antminers reaches 1,000. I will stop attacking you! Otherwise I will turn off your antminer’s fan and overheat protection, which will cause you to burn your machine or will burn the house.

Click the ‘Diwnload firmware patch’ button to download the firmware patch with your specific ID. Just update it to your normal Antminer to get infected.

You can bring the machine that updated the patch to another computer room to complete the infection, or induce others to use the firmware patch in the network group.

Or support 10 BTCs, I will stop attacking.

Either Pay 10 BTC or Spread the Ransomware

In a nutshell, the ransomware gives two options: pay up or spread the code. Otherwise, it will turn off the Antminer’s fan, causing overheating and subsequent destruction of the machine.

Incidents of hAnt Spreading on Its Own

There have also been some incidents of the ransomware spreading on its own to mining equipment connected to the same network. An executive from BTC.com claimed that it infected 4,000 devices within minutes.

Current Solution

The only solution that has been effective so far is to re-flash the infected mining equipment’s SD card and install clean firmware. Users are also being advised to download firmware directly from the original manufacturer of the rigs and not from other download sites.

