Update 12/10/2018 – Authorities have a suspect in custody. The Chinese police were able to track the suspect down due to the personal information used to create the WeChat app to collect the ransom demands.
New Ransomware Attack Targets Chinese Users
A new ransomware variant has infected 100,000 Windows PCs in China by encryption the user’s files, then demands 110 yuan ($16 USD) ransom. In addition to the encryption of files, the ransomware also includes an information-stealing component that obtained user credentials for several Chinese online services.
Thus far, the attack has not gone global, as the hackers have limited their demographic in a few different ways. First, the hackers are distributing the malware through Chinese-themed apps. Second, they are only receiving ransom payments through a Chinese payment app, WeChat. Unless the ransomware creators used fake IDs to create their WeChat profiles, it is believed authorities will be able to track the cyber criminals down.
Lack of Sophistication
Local Chinese cyber security firms claim the ransomware can be decrypted without paying the ransom because the encryption key is hardcoded in the source code. Some of these cyber security firms have started working on free decrypting tools. It is their hope to release them to the public in the coming days.