Rakhni Ransomware Virus Cycles Back As Crypto Mining Software Installations Affect Computers

The notorious Rakhni ransomware has been updated so that it can also infect victims' computers with illicit cryptojacking malware.

Last week, Kaspersky Lab products detected new malicious samples related to the infamous Trojan family Trojan-Ransom.Win32.Rakhni. The main feature of the malware is that it can choose how to infect its victims: either with a cryptor or with a miner.

While the exact reasons for Rakhni's specific search strategy are unclear, it can be speculated that Bitcoin users place all Bitcoin-related data in a readily accessible folder, which Rakhni seeks to take advantage of.

The updated Rakhni version is distributed via spam emails. Rakhni infections have been reported in Russia, Kazakhstan, Ukraine, Germany, and India. It is suspected that the distribution system uses geo-targeting tools for email delivery.

The malware checks whether the “%AppData%\Bitcoin” directory exists, which can indicate that Bitcoin wallets are stored locally. When the directory is present, the Trojan encrypts the files with a cryptor, on the assumption, according to Kaspersky Lab researchers, that such victims will willingly pay to get their files back.

Orkhan Mamedov, Malware Analyst at Kaspersky Lab, said:

“The fact that the malware can decide which payload it uses to infect the victim provides yet another example of the opportunistic tactics used by cybercriminals. They will always try to benefit from their victims: either by directly extorting money (cryptor), by the unauthorized use of user's resources for their own needs (miner), or by exploiting the victim in the chain of malware distribution (net-worm).”

The first arrest for cryptojacking has been reported. A man deploying the infamous Coinhive software, a cryptocurrency miner that has gained notoriety in recent times, was arrested in Japan on July 5, 2018, after authorities identified his IP address in connection with several cryptojacking instances. Police did not reveal details about the crime, such as the nature of the operation or the delivery methods, but stated that he earned a paltry 5,000 Yen ($45) for his efforts.

Rakhni primarily targets companies rather than ordinary users and is mainly spread throughout Russia (95.57%). It also has a presence in Kazakhstan (1.36%), Ukraine (0.57%), Germany (0.49%), and India (0.41%). Over the past year alone, more than 8,000 users have been attacked by Trojan-Downloader.Win32.Rakhni Trojans.
