Skip to main content

Ransomware shifts focus from holding passwords hostage to hijacking your PC

online Bitcoin courses
Image used with permission by copyright holder

A malicious website initially set up to extort visitors to pay a cryptocurrency ransom has changed its course. Instead of demanding payment via Bitcoin, Ethereum, Bitcoin Cash or Litecoin in exchange for not leaking your password on the internet, the site now hijacks your computer’s processing power to mine cryptocurrency in the background.

Designed as a copy of the Have I Been Pwned attack, the site began by asking users to enter their emails to see if their password has been compromised. Unfortunately, if your password was breached, the site demanded a “donation” of $10 by cryptocurrency to not publish your password in plain text on the web.

Up to 1.4 billion passwords may have been breached, but it’s unclear how accurate that figure is. However, because it may be easier — and safer — to change your password than pay the ransom, as The Next Web noted, the site shifted its focus from demanding ransomware payments to taking over your PC’s processing power to mine for cryptocurrency in the background. The publication also confirmed that the malicious site did “have a database with legitimate passwords,” but that not all compromised passwords were stored in plain text.

The Next Web did not reveal the site’s address in its report, citing security reasons, but noted that it doesn’t appear that any user had made payment.

This is the latest ransomware in recent months that demand cryptocurrency as a form of payment. Prior to this incident, Thanatos encrypted files on a user’s PC by hijacking it using a brute force method. If you want to regain access to those files, you had to send payment via cryptocurrency to get a key to decrypt your files. However, at the time, there didn’t appear to be a proper decryption key even if you paid.

According to a recent Google report, extortionists made out with $25 million in just two years, and cryptocurrency was the preferred way to get paid. In fact, 95 percent of extortionists used BTC-e to cash out their earnings. The report cites that the European Union’s anti-money laundering directive and counter-terrorist financing legal frameworks can help to prevent the misuse of cryptocurrency.

Hackers are also changing the game when it comes to data theft. Rather than leaking the information to the dark markets, an IBM X-Force Intelligence Index report revealed that hackers prefer to hold files hostage in exchange for a ransom payment. This meant that in 2017, 25 percent fewer records were leaked than the previous year.

In the business world, ransomware cost corporations $8 billion worldwide in 2017, and many companies keep cryptocurrency on hand to reduce downtime.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more