New Ransomware Blocks Your DNS Connection And Forces Your Computer To Mine Bitcoins

A new bit of malware, Linkup, is a clever girl. First it takes control of the DNS servers your computer pings to connect to the Internet and, while you’re wondering how to delete it, begins mining bitcoins on the sly. Anti-virus purveyors Emisoft identified the ransomware in the wild.

The program essentially blocks all Internet access, instead throwing up a bogus warning from the Council Of Europe about potential child pornography on your machine (you can see it at 62.75.221.37/worlds/test/index.html until it’s inevitably blocked BUT DO NOT ALLOW IT TO INSTALL ANYTHING AND ENTER THE URL AT YOUR OWN RISK). To regain access to your Internet you’re asked to pay 0.01 euro by credit card (“likely a blatant lie,” writes Emisoft and we concur) and submit personal information.

Emisoft published an excellent analysis of the malware on their site.

After firmly ensconcing itself into your system and rerouting all Internet traffic, the program downloads and runs pts2.exe, a bitcoin mining botnet system that runs independently of the ransomware.

This combination of ransomware and Bitcoin mining is a new and fascinating development. At this point, however, its functionality is still quite limited as the downloaded jhProtominer only works on 64-bit operating systems. In time, it will be interesting to see if Linkup is modified to download more flexible variants.

What happens if you pay the ransom? Presumably the malefactors will turn your Internet back on remotely once they’ve gotten your credit card number and personal info, a chilling thought. Given the realistic landing page and confusing behavior of the software, it’s clear that Linkup could be quite a dangerous piece of software if enough users believe its claims. Emisoft writes: