Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs
[Image: 1*i37kIeE_yliEhm2gqxfOvw.jpeg]

     In China, over 100,000 machines have been infected with a malware via a supply chain attack, and that number is growing. This particular malware, doesn't ask for a ransom but instead asks victims to pay 100 yuan [Almost 16 USD] to the attacker's WeChat Pay account, a payment feature by a popular messaging app in China. And, as of the writing of this article, unlike WannaCry, this ransomware only affects Chinese users. 

   If the payment is not made in the allotted time then the malware deletes the decryption key from its remote command-and-control server via an automated process. the malware has also been observed gathering system information such as CPU model, screen resolution, and network information.

   It has been recently discovered by Chinese cyber-sec researchers that the malware was "poorly programmed" and that the attackers lied about the encryption process. A note with the ransomware states that all users' files have been encrypted using DES encryption algorithm, but in truth it creates a copy of the decryption keys using a less secure XOR cipher. A copy of the file can be found at this file location:


   The information found above was used to create a free ransomware decryption tool.

   The suspect behind the attack is a user called "Luo" who is a software developer by profession. The information connected to the suspect matched with what was found on the attacker's WeChat account, his account has of now been suspended. The information on the suspect has all been given to the proper authorities. 

    Like the article? Feel free to comment. Have a good day and stay safe out there.

    ---Mad Architect. 



01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011

Possibly Related Threads…
Thread Author Replies Views Last Post
Exclamation News 1,700 Android apps infected with Bread (Joker) malware since 2017 Mr.Kurd 0 762 01-10-2020, 12:00 PM
Last Post: Mr.Kurd
  News New Ransomware Shows Off Its Abilities: Mad-Architect 0 800 11-21-2019, 05:18 PM
Last Post: Mad-Architect
  News Mexican Based Petrol Giant Hit With Ransomware: Mad-Architect 0 676 11-13-2019, 03:20 PM
Last Post: Mad-Architect
  News SmarterASP.NET Hit With Massive Ransomware Attack: Mad-Architect 0 731 11-11-2019, 04:43 PM
Last Post: Mad-Architect
  News Ransomware Gang Breached: Decryption Keys Released Mad-Architect 0 773 10-07-2019, 03:47 PM
Last Post: Mad-Architect
  News 2 malware-infected photo apps with 1.5M+ downloads removed from Google Play Mr.Kurd 0 661 09-23-2019, 09:44 AM
Last Post: Mr.Kurd
  News Multiple Dentist Offices Hit By Ransomware: Mad-Architect 0 771 08-30-2019, 01:31 PM
Last Post: Mad-Architect
  News Group Behind Ransomware Hit On Texas Make Demands: Mad-Architect 0 722 08-23-2019, 01:57 PM
Last Post: Mad-Architect
  News EuroFins Pays Ransom Amid Encounter With Ransomware: Mad-Architect 0 691 07-06-2019, 12:22 PM
Last Post: Mad-Architect
  News US Engineer Caught Smuggling Military Chips to China: Faces Over 200 Year Sentence Mad-Architect 0 715 07-04-2019, 09:50 AM
Last Post: Mad-Architect

Users browsing this thread: 1 Guest(s)