More than 100,000 computers in China are infected with Ransomware which encrypts data, 'we pay 1800 yen with WeChat' request
by Soumil Kumar
" Ransomware " which takes illegal data of "infected computer" as "hostage" and claims ransom accounting for most of the damage caused by cyber attacks. It is reported that such infection with Ransomware is spreading in China, and damage caused by paying ransom via WeChat of message application is reported to be continuing.
___ 0 ___ ___ 0 ___ ___ 0 ___ ___ 0 ___ ___ 0 ___ ___ 0
https://zhuanlan.zhihu.com/p/51368004
MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers Ransomware Infects 100K PCs in China, Demands WeChat Payment
https://movaxbx.ru/2018/12/05/ransomware-infects-100k-pcs-in-china-demands-wechat-payment/
Ransomuwa popular in China not only encrypts the local file of the infected computer but also has the function to steal login information of various sites. When the Ransomware is infected, a message is delivered to the user, "If you want to decrypt the file, please scan the transmitted QR code and ask WeChat to pay 110 yuan (about 1,800 yen) with the money transfer function".
According to the report of Fire Security of China security company, Ransomware named " WeChat Ransom " seems to be infected with over 100,000 computers in just a few days after discovery.
According to the researcher who investigated about WeChat Ransom, the creator of Ransomware spread the WeChat Ransom by using the Chinese SNS " Bean 瓣 ". After analyzing the malware, researchers succeeded in accessing the two servers that the malware creator used to store the data extracted from the infected computer.
From one of the servers that can be accessed, the shopping site Taobao is a settlement service leading to the Alipay password has been also discovered a total of 20,000. The login information of other services was also targeted by malware, and login information of services such as heavenly cats and Alipay was also collected.
According to information released by Tencent, a major Internet service provider, WeChat Ransom is expanding even through an application that manages multiple accounts of Tencent QQ , a message application. From the subsequent investigation, WeChat Ransom seems to be spread through at least more than 50 applications. Since most of the victims have not installed security software on the computer, it seems that infection has expanded even after WeChat Ransom's information was announced on December 1, 2018.
On the other hand security companies do not see WeChat Ransom as a major threat. Although threatening to "delete the key to unencrypt the file unless you pay the ransom by a certain deadline", since all release keys are hard-coded in WeChat Ransom itself, we have not paid ransom Even file recovery is possible. Several security companies have already made available file recovery tools encrypted by WeChat Ransom.
In addition, firefighting safety experts have already identified the information that leads to the creator of WeChat Ransom. The creator's name · mobile phone number · QQ account · mail address has also been found, and it is a matter of time that the police arrive at the criminal. It is reported that Tencent deleted the criminal's QR code and closed the payment account when the problem WeChat account was discovered.
Related Posts: