100,000 Computers in China Attacked by New Strain of Ransomware

More than 100,000 users of Windows PCs in China saw a new ransomware strain hit their machines, encrypting files and holding them to ransom for the sum of 110 yuan. The news emphasizes the importance of having good-quality virus protection along with using a VPN on computer systems.

This is the latest in a type of cyber-attack that is becoming increasingly common. This time the attack targeted only computers in China, with the group or person responsible using the popular WeChat payment service to request the ransom.

Authorities in China are able to track payments through the system, so it may eventually lead to the capture of the ransomware's authors. Of course, they may have used fake IDs to create their WeChat profile.

A New Ransomware Strain in China

This is not the first time that hackers have used the WeChat system to try to extort money. However, in the past it did not take police in China long to find the people involved in attacks, arresting them within months of the attack.

The group or person behind the attack distributed the ransomware via Chinese-themed apps on forums and local websites. Computer users became aware of the ransomware and reported it after installing social media apps. One of the main apps is named “Account Operation V3.1”.

Once installed, the ransomware encrypted files so users were unable to get to them, and also stole information from the user, including login details for online services. Affected logins included Baidu Cloud, Alipay, Tencent QQ and NetEase 163, among others.

Cyber-security firms in China revealed they could decrypt the victims' files without the need to pay the ransom. They explained this was possible because the hackers had hardcoded the encryption/decryption key into the source code. Companies are working on decryption keys.

However, Check Point, the cybersecurity firm, revealed there are companies that claim to unlock encrypted files legitimately but instead act as brokers between the ransomware victim and the attacker.

Russian IT consultancy Dr. Shifro claimed it could decrypt files encrypted by Dharma/CrySiS. Check Point knows there is no decryption key available for that strain, which led it to look into the consultancy. It discovered Dr. Shifro was negotiating deals with the creators of the ransomware to unlock victims' files after payment. The consultancy passed the cost on to the victim, along with its own fee.

Check Point estimated that between 2015 and 2018 Dr. Shifro had been involved in more than 300 ransomware decryptions. Customers paid an additional $1,000 on top of the ransom to have their files unlocked.

Ransomware is becoming an increasingly popular way of extracting money from people and companies. In the past, people only had to address the issue of Trojans and computer viruses that affected the hardware of computers, making them difficult or impossible to use. Today hackers want money, and they get it by disabling access to important files and documents. While antivirus software can help stop ransomware, there is another option: a VPN.

A VPN, or virtual private network, hides the true IP address of the computer user, allowing them to surf the web anonymously. A VPN makes computer users less vulnerable and makes it more difficult for a hacker to install ransomware. A VPN encrypts shared or accessed data, making it extremely difficult for hackers to get to it.

A VPN helps to protect against numerous variants of malware, including ransomware, and is recommended not only for corporate use but also for households.