
New Ransomware Spreading Rapidly in China Infected Over 100,000 Computers.

NEW RANSOMWARE DISCOVERED.

A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour.
What's interesting? Unlike almost every other ransomware strain, the new virus doesn't demand ransom payments in Bitcoin.
Instead, the attackers are asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China's most popular messaging app.
Ransomware + Password Stealer — Unlike WannaCry and NotPetya ransomware outbreaks that caused worldwide chaos last year, the new Chinese ransomware has been targeting only Chinese users.
It also includes an additional ability to steal users' account passwords for Alipay, NetEase 163 email service, Baidu Cloud Disk, Jingdong (JD.com), Taobao, Tmall, AliWangWang, and QQ websites.
A Supply Chain Attack — According to Chinese cybersecurity and anti-virus firm Velvet Security, attackers added malicious code into the "EasyLanguage" programming software used by a large number of application developers.
The maliciously modified programming software was designed to inject ransomware code into every application and software product compiled through it—another example of a software supply-chain attack to spread the virus rapidly.
More than 100,000 Chinese users who installed any of the above listed infected applications got their systems compromised. This ransomware encrypts all files on an infected system, except files with gif, exe, and tmp extensions.
Using Stolen Digital Signatures — To evade antivirus programs, the attackers signed their malware code with a trusted digital signature from Tencent Technologies and avoided encrypting data in some specific directories, like "Tencent Games, League of Legends, tmp, rtl, and program."
Once the files are encrypted, the ransomware pops up a note asking users to pay 110 yuan to the attackers' WeChat account within 3 days to receive the decryption key.
If the ransom is not paid within the displayed time, the malware threatens to delete the decryption key from its remote command-and-control server automatically.
Besides encrypting user files, the ransomware also silently steals users' login credentials for popular Chinese websites and social media accounts and sends them to a remote server.
It also gathers system information including CPU model, screen resolution, network information and list of installed software.
Poor Ransomware Has Been Cracked — Chinese cybersecurity researchers found that the ransomware has been poorly programmed and that the attackers lied about the encryption process.

The ransom note says users' files have been encrypted using the DES encryption algorithm, but in reality, it encrypts data using a less secure XOR cipher and stores a copy of the decryption key locally on the victim's system, at the following location:
%user%\AppData\Roaming\unname_1989\dataFile\appCfg.cfg
Using this information, the Velvet security team created and released a free ransomware decryption tool that can easily unlock encrypted files for victims without requiring them to pay any ransom.
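Why an XOR cipher offers so little protection, shown as an added example (this is not the Velvet tool or the malware's code): assuming a repeating-key XOR, which the page does not confirm, the key falls out of any encrypted file whose first bytes are known, even without the locally stored copy. The key, the two sample files and the function names are constructed for illustration.

```python
from itertools import cycle

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte header of every PNG file


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Derive the key from an encrypted file whose first bytes are known.

    ciphertext XOR plaintext gives the keystream; its shortest repeating
    unit is the key, provided the known prefix spans at least one key length.
    """
    n = min(len(ciphertext), len(known_prefix))
    stream = bytes(c ^ p for c, p in zip(ciphertext[:n], known_prefix[:n]))
    for size in range(1, n + 1):
        if all(stream[i] == stream[i % size] for i in range(n)):
            return stream[:size]
    return stream


def demo():
    # Constructed sample data: a made-up key and two made-up victim files.
    key = b"k3y!"
    png = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + bytes(16)
    pdf = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\n"
    enc_png, enc_pdf = xor_bytes(png, key), xor_bytes(pdf, key)

    # Recover the key from the PNG alone, then confirm it on a second file:
    # a correct key must restore that file's own magic bytes.
    recovered = recover_key(enc_png, PNG_MAGIC)
    restored_pdf = xor_bytes(enc_pdf, recovered)
    return recovered, restored_pdf


if __name__ == "__main__":
    recovered, restored_pdf = demo()
    print("recovered key:", recovered)
    print("second file restored:", restored_pdf.startswith(b"%PDF-"))
```

If the known header is shorter than the key, only part of the key is recovered, which is why the result is checked against a second file's magic bytes before any bulk decryption.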
Researchers also managed to crack and access attackers' command-and-control and MySQL database servers, and found thousands of stolen credentials stored on them.
Who Is Behind This Ransomware Attack? — Using publicly available information, researchers have found a suspect, named “Luo,” who is a software programmer by profession and developed applications like "lsy resource assistant" and "LSY classic alarm v1.1".
Luo's QQ account number, mobile number, Alipay ID and email IDs match the information researchers collected by following the attacker’s WeChat account.
After being notified of the threat, WeChat has also suspended the attacker's account on its service that was being used to receive the ransom payments.
Velvet researchers have also informed Chinese law enforcement agencies with all available information for further investigation.

PROUD LUGBARA OSUTA YUSUF, A CAREER POLITICIAN, BARRISTER, STUDENT FOR LIFE AND TALENTED IN TECHNOLOGY.
