News New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs


    
     In China, over 100,000 machines have been infected with malware via a supply chain attack, and that number is growing. This particular malware doesn't ask for a ransom but instead asks victims to pay 100 yuan [almost 16 USD] to the attacker's WeChat Pay account, a payment feature of a popular messaging app in China. And, as of the writing of this article, unlike WannaCry, this ransomware only affects Chinese users.


   If the payment is not made in the allotted time, the malware deletes the decryption key from its remote command-and-control server via an automated process. The malware has also been observed gathering system information such as CPU model, screen resolution, and network information.

   Chinese cybersecurity researchers recently discovered that the malware was "poorly programmed" and that the attackers lied about the encryption process. A note with the ransomware states that all users' files have been encrypted using the DES encryption algorithm, but in truth it creates a copy of the decryption keys using a less secure XOR cipher. A copy of the file can be found at this file location:

   %user%\AppData\Roaming\unname_1989\dataFile\appCfg.cfg


   The information found above was used to create a free ransomware decryption tool.


   The suspect behind the attack is a user called "Luo", who is a software developer by profession. The information connected to the suspect matched what was found on the attacker's WeChat account; his account has, as of now, been suspended. The information on the suspect has been given to the proper authorities.




    Like the article? Feel free to comment. Have a good day and stay safe out there.



    ---Mad Architect. 

   





   

   
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
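
A triage sketch for the file location given in the post, added here as an example and not part of the original post or of any published decryption tool: it finds the `appCfg.cfg` key copy in each user profile and preserves it with a hash before any cleanup. It assumes `%user%` means a per-user profile directory; the function names and the evidence directory are hypothetical.

```python
"""Triage helper: locate and preserve the ransomware's local key-copy file."""
import hashlib
import shutil
from pathlib import Path

# Relative path from the post: %user%\AppData\Roaming\unname_1989\dataFile\appCfg.cfg
ARTIFACT = Path("AppData", "Roaming", "unname_1989", "dataFile", "appCfg.cfg")


def find_key_files(users_root):
    """Return one record per profile under users_root that holds the artifact.

    Assumption: %user% in the post means a per-user profile directory,
    e.g. C:\\Users\\<name> on a live host or a mounted disk image.
    """
    hits = []
    root = Path(users_root)
    if not root.is_dir():
        return hits
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        candidate = profile / ARTIFACT
        try:
            data = candidate.read_bytes()
        except (FileNotFoundError, NotADirectoryError, PermissionError):
            continue  # clean profile, or one we cannot read
        hits.append({"profile": profile.name, "path": candidate,
                     "size": len(data), "sha256": hashlib.sha256(data).hexdigest()})
    return hits


def preserve(hits, evidence_dir):
    """Copy each hit into evidence_dir before any cleanup; return the copies."""
    out = Path(evidence_dir)
    out.mkdir(parents=True, exist_ok=True)
    copies = []
    for hit in hits:
        dest = out / f"{hit['profile']}_{hit['sha256'][:12]}_appCfg.cfg"
        shutil.copy2(hit["path"], dest)  # copy2 keeps timestamps for the timeline
        copies.append(dest)
    return copies


if __name__ == "__main__":
    import sys
    found = find_key_files(sys.argv[1] if len(sys.argv) > 1 else r"C:\Users")
    for h in found:
        print(h["profile"], h["size"], h["sha256"], h["path"])
    if found:
        print("preserved:", *preserve(found, "evidence"))
```

Run it against `C:\Users` on a live host or against the `Users` folder of a mounted image, and keep the preserved copies with the case record.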