100,000 windows users hit in China by new ransomware

Ransomware attacks may have dwindled since the destructive days of WannaCry and NotPetya last year, but a new one has struck mobile-centric China and it's asking for ransom through one of the country's most popular methods of payment.

The hackers are distributing rigged apps, disguised as social media apps, on different forums and local websites to infect the users. Many reports claim that one such app goes by the name “Account Operation V3.1” — a Chinese app that helps users manage multiple QQ accounts (a popular Chinese instant messaging service).

The ransomware strain is spreading as a result of supply chain attack which is targeting Chinese users starting from December 1 and has infected more than 100,000 Windows computers till now. The ransomware, that encrypts personal files, demands 110 yuan (~$16).

The digital wallet is one of two that are most commonly used in China. But the internet is unfazed.

The ransomware is not only encrypting the system files, but it is also capable of stealing login credentials of popular Chinese online services such as Taobao, Baidu Cloud, NetEase 163, Tencent QQ, Jingdong, and Alipay.

Velvet security researchers who analyzed the ransomware variant found that the attackers added malicious code to easy language programming software, SDK and the malicious code will be injected to various other software compiled with it.

In total more than 50 software poisoned with the malicious code, and the ransomware operators using Chinese social networking Douban for C&C communication. The Ransomware also tracks the details of the software installed on the victim’s computer.

Also, over 20,000 computers have fallen victim to an unnamed ransomware that is demanding payment via WeChat Pay, local media reported today, adding that the number is still growing. WeChat Pay, owned by Chinese tech giant Tencent, is one of China's two most commonly used digital wallets in the country.