A new bit of malware, Linkup, is a clever girl. First it takes control of the DNS lookups your computer relies on to connect to the Internet and, while you’re wondering how to delete it, begins mining bitcoins on the sly. Anti-virus purveyors Emsisoft identified the ransomware in the wild.
The program essentially blocks all Internet access, instead throwing up a bogus warning from the Council of Europe about potential child pornography on your machine (you can see it at 18.104.22.168/worlds/test/index.html until it’s inevitably blocked BUT DO NOT ALLOW IT TO INSTALL ANYTHING AND ENTER THE URL AT YOUR OWN RISK). To regain Internet access, you’re asked to pay 0.01 euro by credit card (“likely a blatant lie,” writes Emsisoft, and we concur) and submit personal information.
Emsisoft published an excellent analysis of the malware on their site.
After firmly ensconcing itself in your system and rerouting all Internet traffic, the program downloads and runs pts2.exe, a bitcoin-mining botnet system that runs independently of the ransomware.
What happens if you pay the ransom? Presumably the malefactors will turn your Internet back on remotely once they’ve gotten your credit card number and personal info, a chilling thought. Given the realistic landing page and confusing behavior of the software, it’s clear that Linkup could be quite a dangerous piece of software if enough users believe its claims. Emsisoft writes: