Until now, we have all heard about ransomware: malware that encrypts
your files or locks down your computer and asks for a ransom to be paid
within a specified period of time to unlock it.
Emsisoft has detected a new piece of malware called “Linkup”, dubbed “Trojan-Ransom.Win32.Linkup”,
that doesn't lock your computer or encrypt files; rather, it blocks
your Internet access by modifying the DNS settings, and it can also
turn your computer into a Bitcoin mining robot. Sounds interesting?
Once the Linkup Trojan is installed on your system, it makes a
copy of itself and disables selected Windows Security and Firewall
services to facilitate the infection. The poisoned DNS server it injects
only allows the malware and the Bitcoin miner to communicate with the
Internet.
It displays a bogus notification in the victim's web browser, purportedly from the Council of Europe, that accuses you of viewing “Child Pornography” and only restores Internet access on payment of a £0.01 (Euro) fine.
It is unconfirmed whether the malware restores Internet access after the ransom is paid, "but most likely only a blatant lie".
The ransom is supposed to be paid by credit card, with the
submission of your personal information, including your name, DOB and
city.
In addition to blocking your Internet access, the Linkup malware also
downloads and installs other malware that forcibly connects your computer
to a Bitcoin mining botnet, which can combine the computing power
of multiple infected computers to earn Bitcoin for whoever is behind the
attack.
Emsisoft has a detailed explanation of how the malware works on their site:
“This combination of ransomware and Bitcoin mining is a new and fascinating development. At this point, however, its functionality is still quite limited as the downloaded jhProtominer only works on 64-bit operating systems. In time, it will be interesting to see if Linkup is modified to download more flexible variants.”
If your computer has been infected, you are advised not to pay the ransom
or submit any personal information; instead, you can install 'Emsisoft Anti-Malware' to remove the malware and restore the DNS settings to default.
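For checking a Windows machine for the two symptoms described above (altered DNS settings and disabled security or firewall services), here is an added triage example; it is not from Emsisoft or the original article. The allow-listed resolver addresses are constructed sample values, and the service names are assumptions, since the article does not say which services Linkup disables. It needs Windows 8 / Server 2012 or later for Get-DnsClientServerAddress.

```powershell
# Added example: read-only triage for the symptoms the article describes.
# Assumption: resolvers your network is supposed to use (constructed samples).
$ExpectedDns = @('192.168.1.1', '10.0.0.53')
# Assumption: built-in services to check; the article does not name them.
# MpsSvc = Windows Firewall, wscsvc = Security Center, WinDefend = Defender.
$SecurityServices = @('MpsSvc', 'wscsvc', 'WinDefend')

function Get-UnexpectedDnsServer {
    param([string[]]$Allowed)
    # Effective IPv4 resolvers per interface, flagged if not on the allow-list.
    foreach ($nic in (Get-DnsClientServerAddress -AddressFamily IPv4)) {
        foreach ($addr in $nic.ServerAddresses) {
            if ($addr -notin $Allowed) {
                [pscustomobject]@{ Interface = $nic.InterfaceAlias; DnsServer = $addr }
            }
        }
    }
}

function Get-StaticDnsOverride {
    # A non-empty NameServer value means a resolver was set statically on that
    # interface instead of being learned from DHCP.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in (Get-ChildItem -Path $base)) {
        $ns = (Get-ItemProperty -Path $key.PSPath -Name NameServer `
                   -ErrorAction SilentlyContinue).NameServer
        if ($ns) {
            [pscustomobject]@{ InterfaceGuid = $key.PSChildName; NameServer = $ns }
        }
    }
}

function Get-WeakenedSecurityService {
    param([string[]]$Names)
    # Disabled or stopped services; WinDefend may legitimately be stopped when
    # a third-party anti-malware product is installed.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -in $Names -and
                       ($_.StartMode -eq 'Disabled' -or $_.State -ne 'Running') } |
        Select-Object Name, State, StartMode
}

'--- Resolvers not on the allow-list ---'
Get-UnexpectedDnsServer -Allowed $ExpectedDns | Format-Table -AutoSize
'--- Statically configured resolvers (registry) ---'
Get-StaticDnsOverride | Format-Table -AutoSize
'--- Security services disabled or not running ---'
Get-WeakenedSecurityService -Names $SecurityServices | Format-Table -AutoSize
```

The script only reads state; an unexpected resolver together with a disabled firewall or Security Center service is a reason to scan the machine before resetting DNS.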