A new ransomware campaign in China has started to spread and has already infected more than 100k PCs across the country.
This ransomware, however, differs from what we have seen until now. Unlike other ransomware families, which demand payment in bitcoin, this one asks for a payment of 110 yuan (nearly 16 USD) through WeChat Pay, the payment service of one of the most popular messaging apps in China.
The ransomware was spread through malicious code injected into “EasyLanguage”, a programming tool used by many developers across the country. The ransomware also appears to steal passwords for various Chinese sites, including those of Alipay, the NetEase 163 email service, Baidu Cloud Disk, Jingdong (JD.com), Taobao, Tmall, AliWangWang, and QQ.
The ransomware claims to use a highly secure encryption method that cannot be broken easily, but researchers have already found a way to decrypt it. The ransom note says the users’ files have been encrypted with the DES algorithm; in reality, the malware encrypts data with a far weaker XOR cipher and stores a copy of the decryption key locally, in a folder on the victim’s own system.
Using this information, the Velvet security team created and released a free decryption tool that unlocks the encrypted files for victims without requiring them to pay any ransom. It has been speculated that a person named “Leo” is behind the attack. WeChat has already suspended the account used to receive the ransom payments, and a lawsuit has been filed. Although much information has been gathered about the attacker, he has yet to be apprehended.
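As an added illustration (not the ransomware's code or the Velvet team's tool), the following Python shows why the XOR scheme described above offers no real protection: the same function decrypts when the locally stored key is at hand, and even without that key a predictable file header leaks the keystream. The key, the sample file and the function names are constructed for the demonstration; the article gives no real key or key length.

```python
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encrypts and decrypts alike since (p ^ k) ^ k == p."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_header: bytes) -> bytes:
    """Known-plaintext recovery of a repeating XOR key.

    If the first bytes of the original file are predictable (a file-format
    magic header), XORing them with the ciphertext yields the keystream; the
    shortest period of that keystream is the key. Only keys no longer than the
    header can be found this way. A key whose own bytes repeat collapses to its
    shortest equivalent, which decrypts identically.
    """
    n = min(len(ciphertext), len(known_header))
    stream = bytes(c ^ p for c, p in zip(ciphertext[:n], known_header[:n]))
    for length in range(1, n + 1):
        if all(stream[i] == stream[i % length] for i in range(n)):
            return stream[:length]
    raise ValueError("unreachable: length == n always matches")


# Constructed sample: a fake file that starts with the genuine PNG magic bytes.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLE_FILE = PNG_MAGIC + b"constructed image payload ..."
SAMPLE_KEY = b"k3y!"  # constructed; not the real malware's key


def demo() -> dict:
    encrypted = xor_bytes(SAMPLE_FILE, SAMPLE_KEY)
    # Case 1: the key is at hand (the article says a copy is stored locally).
    with_key = xor_bytes(encrypted, SAMPLE_KEY)
    # Case 2: no key, but the file type's header is known.
    guessed = recover_key(encrypted, PNG_MAGIC)
    without_key = xor_bytes(encrypted, guessed)
    return {"guessed_key": guessed, "with_key": with_key, "without_key": without_key}


if __name__ == "__main__":
    result = demo()
    print(result["guessed_key"],
          result["with_key"] == SAMPLE_FILE,
          result["without_key"] == SAMPLE_FILE)
```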