The Chinese police arrested the Ransomware UNNAMED1989 / WeChat programmer who recently only managed to infect more than 100K users in China within a few days.
The ransomware UNNAMED1989 was released on December 1 and within a few days had infected 100.000 victims. This ransomware encrypted the victims' files using XOR encryption and then displayed a QR code asking for a ransom of 110 yuan or about € 14 to be paid through WeChat.
According to reports by Chinese media, with the help of security teams Tencent and Qihoo 360, authorities were able to locate and arrest a 22-year-old man named Luo Moumou on December 5. After his arrest, Mumu admitted to creating this ransomware.
Moumou created an application that was very successful and quickly launched as it allowed users to steal its accounts. Alipay (this is a company similar to PayPal) and get money. This application, however, contained ransomware code as well as other tools to help spread the ransomware.
Since this ransomware had also stolen passwords for popular Chinese websites, authorities are advising Chinese market users to change the passwords for Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall and Jingdong.
UNNAMED1989 ransomware used only XOR encryption, and so on have been released by the Tencent team and the Velvet security team decryptors. Using these decryptors, victims can get their files back for free.