Stand And Deliver, Your Bandwidth And Our Bitcoins

Ransomware is a fairly new phenomenon but one that is becoming increasingly prevalent. Just this morning Brian wrote about how some companies are being held to ransom, leading to loss of business data or payment of monies for the return of their lost bytes.

But the criminals who write this particular type of malware use it not just to take data hostage; ransomware has other possibilities as a money-making opportunity too.

In fact, a new form of malware has just recently been discovered by antivirus firm Emsisoft.

This new piece of ransomware, dubbed “Linkup”, will still hold your computer captive, but it won’t lock you out of it or encrypt all of your files until you pay a fee to have them released. Instead, it will block your internet access and turn your machine into a zombie Bitcoin miner.

When your machine is infected with Linkup you will discover that normal internet access is gone and, instead, you will be greeted with a warning message which claims to have come from the Council of Europe. The bogus message will offer an explanation of why your internet access has been blocked – it implies that the Council has taken this action because it has detected potential child pornography on your machine:

“The Provisions on the fight against sexual exploitation of children and child pornography on the Internet complies with the provisions of a EU Council decision from December 2003. It gives the police powers to arrest those who are responsible for child online pornography, calls for the creation of the National Centre to combat child pornography on the internet and establishes that Internet Service Providers have a legal obligation to adopt a filtering system to avoid access to sites censored by the Centre.”

Curiously, the web page does offer an easy way to circumvent this block.


Despite the heinous nature of child porn, the victim can get rid of the block for a mere one Euro cent, an amount so small that it would likely get many takers. What happens after supplying your personal data and payment details is, of course, anyone’s guess.

This mini ransom isn’t the only way that Linkup makes money for whoever is behind it though. The program also drops pts2.exe, a Bitcoin mining botnet that runs independently of the main program – a double win for the bad guys!

More info on Linkup is available on the Emsisoft blog, and I will leave you with the advice Brian gave earlier:

  • Keep your software patched and up to date.
  • Employ reputable anti-virus software and keep it up to date.
  • Back up your data regularly and, most importantly, verify that the backups have worked and you can retrieve your data.
  • Make staff and those who use your computers aware of the risks and how to work securely online.
