Scammers are punting a strain of ransomware that puts compromised PCs to work mining Bitcoins after blocking all other activity on infected Windows computers.
A new variant of the Reveton ransomware, spotted by researchers at Malwarebytes, locks a user out of their computer before running a Bitcoin miner. This means the criminals are no longer dependent on payment of the "ransom" to make a profit – hijacking a computer by itself will yield a return for the cybercrooks.
Reveton is a widespread piece of ransomware. Typically, it falsely accuses marks of downloading images of child abuse or downloading copyright-protected content before demanding a fine to unlock computers. Payment is normally requested in the form of an voucher from an anonymous prepaid cash service, such as Ukash or Paysafecard.
Internet pondlife have previously used ransomware to peddle survey scams and fake anti-virus products ("scareware"). Viewed in this contact, co-opting PCs compromised by ramsomware into Bitcoin mining botnets is the next logical step.
Making money mining Bitcoins for practical gain involves running arrays of GPUs solving the ever more complex algorithms needed to generate Bitcoins. Of course, if it's not your own resource that's been turned over to number crunching, this is less of a consideration. Perhaps crooks have realized that marks are dithering when it comes to caving into ransomware demands, and there's profit to be made mined from their indecision.
"Ransomware is most commonly spread via drive-by downloads and Reveton especially has been seen working with some of the most notorious exploit kits available today," writes Malwarebytes researcher Adam Kujawa in a blog post on the threat.
Kujawa advises consumers to update browser software and plug-ins to guard against the most common types of threat exploited by Reveton-peddling gangs. ®