The Rakhni virus is back, having wreaked havoc in the cyber world in 2013. The updated version of Rakhni can deploy ransomware on systems that have folders titled Bitcoin (BTC). The latest reports say that the ransomware is using fraudulent cryptojacking software to infiltrate computers.
The virus belongs to the Trojan family known for creating deceitful ransomware, which locks files until a ransom is paid. Recently, Kaspersky Lab products tracked down Rakhni activity. According to the lab, the malware can choose how to infect its victims. Researchers with the lab have said that Rakhni first targets companies instead of ordinary users. Over the years, the Trojan-Downloader.Win32.Rakhni Trojans have affected more than 8,000 users.
Rakhni virus primarily targeting cryptocurrency
A couple of days ago, Bleeping Computer, a cybersecurity website, reported that the Rakhni virus was engaged in unauthorized activity on the PCs of cryptocurrency users. Kaspersky Lab also reported that the updated Rakhni virus can scan a victim's computer and infiltrate it.
Rakhni displays smart-virus behavior. It first runs a selection process on the computer and then deploys either a coinminer patch or ransomware on it. It has been observed that the virus specifically searches for Bitcoin folders and installs itself on such computers. It is not known why the ransomware specifically targets users with Bitcoin folders. Speculation suggests that cryptocurrency users keep all their crypto-related details in this readily accessible folder, where the ransomware can easily reach them.
Rakhni prevents users from accessing their funds
Users affected by a Rakhni attack cannot access their funds and have to pay a ransom to transfer them. Users must therefore either pay the amount or remain locked out of their funds. Interestingly, when there is no Bitcoin folder on the computer, Rakhni deploys virtual currency mining software on it instead. However, the installation is carried out only on computers that can handle the high computing demands and intense energy use required for mining crypto coins. It means that computers with Bitcoin folders are vulnerable to a Rakhni attack.