The WeChat ransomware, which broke out in China on 1 December 2018, is the first ransomware to demand its ransom through WeChat Pay. According to the inspection and evaluation of the Velvet Threat Intelligence System, the WeChat ransomware has infected more than 100,000 systems in the last four days through supply chain attacks in China, and the number of affected systems is rising rapidly every hour.
This WeChat ransomware is a newly detected threat spreading widely across China. According to a statement from the Chinese cyber security company Velvet Security, the ransomware demands a payment of 110 Yuan (about 16 USD) through WeChat Pay. This ransom demand is the only feature that distinguishes the WeChat ransomware from other similar threats. The developers built the malicious program by inserting suspicious scripts into the EasyLanguage programming software, which then distributed the malicious code directly into every application built with it.
Latest Threat Infecting China
The WeChat ransomware targets only Chinese users and has infected around 100k computer systems. It is capable of stealing confidential user IDs and passwords, as well as credit card details, for very popular Chinese services such as Baidu Cloud Disk, Jingdong, Alipay, NetEase, QQ, AliWangWang, Taobao and Tmall.
It also gathers system details such as network information, the CPU model, the screen resolution and the list of installed software from the infected machine. It appends the .exe, .gif and .tmp file extensions to the names of encrypted files, then displays a ransom note on the victim's screen demanding 110 Yuan. To obtain the decryption key, the victim must pay that amount to the attacker's WeChat account within three days; otherwise all of the data is permanently and automatically deleted from the server.
Weak Ransomware Has Been Cracked
The cyber criminals responsible for this ransomware signed its code with a trusted digital certificate issued by Tencent Technologies in order to evade detection. The good news for victims is that security researchers have cracked the ransomware: they found that the malware uses a simple XOR cipher instead of the DES algorithm, and that it also stores a copy of the decryption key on the compromised system at the path %user%\AppData\Roaming\unname_1989\dataFile\appCfg.cfg.
The experts at Velvet Security have released a free decryption tool that can be used to recover documents encrypted by the malware. The researchers attributed the ransomware to a software programmer called "Luo" and have reported their findings to the Chinese authorities.
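The reason a XOR "cipher" is so easy for researchers to undo is shown below in an added illustration that is not the malware's code or Velvet Security's decryptor. It assumes a repeating key of known length and a file type with a fixed header (a constructed PNG-style sample); the layout of the real key file appCfg.cfg is not described here, and with the key copy available on disk a decryptor would not even need the key-recovery step.

```python
# Added illustration: repeating-key XOR offers no real protection.
# Key, key length and sample data below are constructed assumptions.
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same function both encrypts and decrypts,
    because (p ^ k) ^ k == p for every byte."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery: XORing ciphertext with the plaintext it was
    made from yields the keystream. With a key that repeats every key_len
    bytes, the first key_len keystream bytes are the entire key."""
    if len(known_prefix) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix[:key_len]))


def decrypt_with_recovered_key(ciphertext: bytes, known_prefix: bytes,
                               key_len: int) -> bytes:
    """Recover the key from a fixed file header, then decrypt the whole file."""
    return xor_bytes(ciphertext, recover_key(ciphertext, known_prefix, key_len))


# Constructed sample: every PNG file starts with these 8 signature bytes,
# so a defender always knows the first 8 plaintext bytes of such a file.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLE_KEY = b"unname89"          # constructed 8-byte key, not the real one
sample_plain = PNG_MAGIC + b"IHDR...rest of the image data..."
sample_cipher = xor_bytes(sample_plain, SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_key(sample_cipher, PNG_MAGIC, len(SAMPLE_KEY))
    print("recovered key:", key)
    print("decrypted ok:", decrypt_with_recovered_key(
        sample_cipher, PNG_MAGIC, len(SAMPLE_KEY)) == sample_plain)
```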