Skip to main content

Ransomware shifts focus from holding passwords hostage to hijacking your PC

online Bitcoin courses
Image used with permission by copyright holder

A malicious website initially set up to extort visitors to pay a cryptocurrency ransom has changed its course. Instead of demanding payment via Bitcoin, Ethereum, Bitcoin Cash or Litecoin in exchange for not leaking your password on the internet, the site now hijacks your computer’s processing power to mine cryptocurrency in the background.

Designed as a copy of the Have I Been Pwned attack, the site began by asking users to enter their emails to see if their password has been compromised. Unfortunately, if your password was breached, the site demanded a “donation” of $10 by cryptocurrency to not publish your password in plain text on the web.

Recommended Videos

Up to 1.4 billion passwords may have been breached, but it’s unclear how accurate that figure is. However, because it may be easier — and safer — to change your password than pay the ransom, as The Next Web noted, the site shifted its focus from demanding ransomware payments to taking over your PC’s processing power to mine for cryptocurrency in the background. The publication also confirmed that the malicious site did “have a database with legitimate passwords,” but that not all compromised passwords were stored in plain text.

Please enable Javascript to view this content

The Next Web did not reveal the site’s address in its report, citing security reasons, but noted that it doesn’t appear that any user had made payment.

This is the latest ransomware in recent months that demand cryptocurrency as a form of payment. Prior to this incident, Thanatos encrypted files on a user’s PC by hijacking it using a brute force method. If you want to regain access to those files, you had to send payment via cryptocurrency to get a key to decrypt your files. However, at the time, there didn’t appear to be a proper decryption key even if you paid.

According to a recent Google report, extortionists made out with $25 million in just two years, and cryptocurrency was the preferred way to get paid. In fact, 95 percent of extortionists used BTC-e to cash out their earnings. The report cites that the European Union’s anti-money laundering directive and counter-terrorist financing legal frameworks can help to prevent the misuse of cryptocurrency.

Hackers are also changing the game when it comes to data theft. Rather than leaking the information to the dark markets, an IBM X-Force Intelligence Index report revealed that hackers prefer to hold files hostage in exchange for a ransom payment. This meant that in 2017, 25 percent fewer records were leaked than the previous year.

In the business world, ransomware cost corporations $8 billion worldwide in 2017, and many companies keep cryptocurrency on hand to reduce downtime.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
One of the most exciting upcoming CES 2025 launches just got leaked
lenovo foldable laptop extended.

Last year, Lenovo teased a rollable laptop at MWC 2023, but it was purely a prototype. Now, a leak covered by The Verge from Evan Blass claims that the concept is becoming a reality and will be released at CES 2025 in just a few weeks.

The concept Lenovo laptop from last year looks like a completely normal laptop at first, but once you press a button on the side, more screen literally starts rolling out from under the keyboard. The screen slowly grows until you have basically two laptop screens stacked on top of each other.

Read more
ChatGPT just got a bump to its coding powers
ChatGPT collaborating with Notion

For its penultimate 12 Days of OpenAI announcement, the company revealed a trio of updates to ChatGPT's app integration on Thursday, which should make using the AI in conjunction with other programs on your desktop less of a chore.

OpenAI unveiled ChatGPT's ability to collaborate with select developer-focused macOS apps, specifically VS Code, Xcode, TextEdit, Terminal, and iTerm2, back in November. Rather than needing to copy and paste code into ChatGPT, this feature allows the chatbot to pull specified content from the coding app as you enter your text prompt. ChatGPT, however, cannot generate code directly into the app, as Cursor or GitHub Copilot are able to.

Read more
Here’s why some PC gamers shouldn’t install the latest Windows 11 update
Overwatch 2 running on the LG OLED 27 gaming monitor.

The latest Windows 11 update, codenamed 24H2, has been a troubled rollout for Microsoft, but one thing's been clear from the beginning: PC gamers should wait to install it. Let's add another issue to the list, shall we?

As spotted by Windows Latest, Microsoft has confirmed in an update to its Windows 11 24H2 problems page, that Windows 11 24H2 is causing issues with its Auto HDR feature. The result of the bug is that incorrect colors are being displayed or, even worse, are breaking games entirely and causing them to not be responsive.

Read more