LINKUP - First Ransomware trojan that modifies DNS settings to mine Bitcoin forcefully

Until now, the ransomware we have all heard about encrypts your files or locks down your computer and asks for a ransom amount to be paid within a specified period of time to unlock it.

Emsisoft has detected a new piece of malware called “Linkup”, detected as “Trojan-Ransom.Win32.Linkup”, that doesn’t lock your computer or encrypt files; rather, it blocks your Internet access by modifying the DNS settings, and it can turn your computer into a Bitcoin mining robot. Sounds interesting?

Once the Linkup Trojan is installed on your system, it makes a copy of itself and disables selected Windows Security and Firewall services to facilitate the infection. The injected, poisoned DNS server only allows the malware and the Bitcoin miner to communicate with the Internet.

It displays a bogus notification in the victim's web browser, purportedly from the Council of Europe, that accuses you of viewing “Child Pornography” and returns Internet access only on payment of a £0.01 (Euro) fine.

Whether the malware restores Internet access after the ransom is paid is unconfirmed, "but most likely only a blatant lie". The ransom is supposed to be paid by credit card, with the submission of your personal information, including your name, date of birth and city, as shown:
[Image: Linkup Ransomware DNS Changing Malware]
In addition to blocking your Internet access, Linkup also downloads and installs other malware that forcefully connects your computer to a Bitcoin mining botnet, which can combine the computing power of multiple infected computers to earn Bitcoin for whoever is behind the attack.
Emsisoft has a detailed explanation of how the malware works on their site:
This combination of ransomware and Bitcoin mining is a new and fascinating development. At this point, however, its functionality is still quite limited as the downloaded jhProtominer only works on 64-bit operating systems. In time, it will be interesting to see if Linkup is modified to download more flexible variants.
If your computer has been infected, you are advised not to pay the ransom or submit any personal information; instead, you can install 'Emsisoft Anti-Malware' to remove the malware and restore the DNS settings to default.
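To check a Windows host for the two changes described above (altered DNS settings and disabled security services), the following read-only audit is an added example, not code from Emsisoft or from the original article. The resolver allowlist and the service names checked are assumptions, since the article names neither, and the DNS cmdlet requires Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only audit for DNS tampering and stopped security services.
# Assumptions (not from the article): the allowlist and the service names below.
$ExpectedDns = @('192.0.2.53', '192.0.2.54')       # constructed placeholders: use your own resolvers
$Services    = @('MpsSvc', 'WinDefend', 'wscsvc')  # Windows Firewall, Defender, Security Center

function Test-DnsServers {
    param([string[]]$Allowed)
    # Emit one finding per adapter that has a resolver outside the allowlist.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $adapter    = $_
            $unexpected = @($adapter.ServerAddresses | Where-Object { $_ -notin $Allowed })
            if ($unexpected.Count -gt 0) {
                [pscustomobject]@{
                    Check  = 'DNS'
                    Target = $adapter.InterfaceAlias
                    Detail = "unexpected resolver(s): $($unexpected -join ', ')"
                }
            }
        }
}

function Test-SecurityServices {
    param([string[]]$Names)
    # Emit one finding per service that is missing or not running.
    foreach ($name in $Names) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            [pscustomobject]@{ Check = 'Service'; Target = $name; Detail = 'service not found' }
        } elseif ($svc.Status -ne 'Running') {
            [pscustomobject]@{ Check = 'Service'; Target = $name; Detail = "status is $($svc.Status)" }
        }
    }
}

$findings = @(Test-DnsServers -Allowed $ExpectedDns) + @(Test-SecurityServices -Names $Services)
if ($findings.Count -eq 0) {
    'No DNS or security-service anomalies found.'
} else {
    $findings | Format-Table -AutoSize
}
```

After the malware itself has been removed, `Set-DnsClientServerAddress -InterfaceAlias <name> -ResetServerAddresses` returns an adapter to its DHCP-provided resolvers. A stopped `WinDefend` service can be legitimate on hosts running a third-party anti-malware product.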