hAnt Ransomware
The hAnt Ransomware is a screen-locking Trojan that disables the PC and demands a ransom for restoring it. Its campaign and capabilities are highly specific to dedicated cryptocurrency-mining machines, although other systems could be at risk, as well. Users should remove the hAnt Ransomware with appropriate re-flashing and anti-malware procedures and avoid paying the ransom or spreading the infection, if possible.
This Ant is Crawling Around Bitcoin Farms in China
A threat possessing many of the classic characteristics of a screen-locking Trojan is adding on some less than usual tweaks to its campaign: the types of victims that it targets, and the ransoming instructions. The hAnt Ransomware, which is predominantly circulating in China, is avoiding the usual tactic of sabotaging business or recreational PCs. The threat is, as an alternative, shutting down entire cryptocurrency farms, one machine at a time.
Malware experts suspect that the hAnt Ransomware includes a worm-based component that allows its spreading onto other PCs on the same network, which would account for its rapid infection transmission. However, not all installations of the hAnt Ransomware are abusing self-duplication. The Trojan's ransoming message, which it delivers while locking up the entire computer, also recommends spreading the infection instead of paying the fee.
The 'normal' ransom is ten Bitcoins, which, at a USD value of over thirty thousand, makes the hAnt Ransomware one of the more decidedly expensive screen-locking Trojans in existence. The same screen that the hAnt Ransomware uses as its ransom note while locking the computer, also, claims that the Trojan can destroy the system's hardware by disabling heat regulation safeguards, such as its fans. While malware experts can't corroborate that feature's presence, any threat actor with cryptocurrency-mining interests could, in theory, instigate that damage without much difficulty.
Bringing Down the Ant Network that Funnels Money Outside
Whether or not they represent a tangible loss of hardware, the hAnt Ransomware infections can cost Bitcoin-mining operations money, merely due to the time that rigorous disinfection requires. Along with the usual precautions, malware experts suggest avoiding firmware updates for products like Antminer that you don't retrieve from an explicitly safe and official source. Paying the Bitcoin ransom carries the traditional risk of the threat actor's taking the money but not unlocking the machine.
Compromised machines shouldn't remain connected to any local networks, for preventing the hAnt Ransomware from spreading elsewhere, with any infected SD cards re-flashed as is appropriate. Other PCs also may be at risk from the hAnt Ransomware infections, however, which could cause general performance issues and, potentially, the overheating mentioned earlier. Most anti-malware products should be capable of removing the hAnt Ransomware in that situation long before any hardware damage occurs.
Anyone making money can be a target for extortion, which, in 2019, often takes place through threatening software. The hAnt Ransomware and other, screen-locking Trojans offer substantial disruption to economic actors, only for compensating criminals.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.