Chinese police have arrested the developer of the UNNAMED1989 / WeChat ransomware, which recently managed to infect over 100K users in China alone within a few days.
The UNNAMED1989 ransomware was released on December 1st and within days had infected 100,000 victims. It encrypted victims' files using XOR encryption and then displayed a QR code asking for a ransom of 110 yuan, or about €14, to be paid via WeChat.
According to reports by Chinese media, with the help of the security teams at Tencent and Qihoo 360, authorities were able to locate and arrest a 22-year-old man named Luo Moumou on December 5. After his arrest, Moumou admitted to creating this ransomware.
Moumou created an application that was very successful and was promoted rapidly, as it allowed users to steal Alipay accounts (Alipay is a company similar to PayPal) and get money. This app, however, contained the ransomware code as well as other tools that helped spread the ransomware.
Since this ransomware had also stolen passwords for popular Chinese websites, authorities are advising users in the Chinese market to change their passwords for Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall and Jingdong.
Because the UNNAMED1989 ransomware used only XOR encryption, decryptors have been released by the Tencent team and the Velvet security team. Using these decryptors, victims can get their files back for free.
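Why XOR-only encryption makes a free decryptor possible, as an added example that is not from the original article or from the Tencent or Velvet tools. It assumes a short repeating XOR key (the article does not describe the key scheme) and uses a constructed sample file and a made-up key.

```python
from itertools import cycle

# First 16 bytes of every PNG file: 8-byte signature, then IHDR length and tag.
PNG_HEADER = bytes.fromhex("89504e470d0a1a0a0000000d49484452")

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Known-plaintext recovery: ciphertext XOR plaintext = keystream."""
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    # Accept only a period that the keystream repeats fully at least once,
    # so the key is confirmed by the data rather than guessed.
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    raise ValueError("key longer than half the known plaintext; need more")

def demo() -> bytes:
    # Constructed sample: a PNG-like file and a made-up key (assumptions,
    # not values taken from the UNNAMED1989 ransomware).
    plaintext = PNG_HEADER + b"constructed sample image data" * 4
    ciphertext = xor_bytes(plaintext, b"k3y!")
    key = recover_key(ciphertext, PNG_HEADER)
    assert xor_bytes(ciphertext, key) == plaintext
    return key

if __name__ == "__main__":
    print("recovered key:", demo())
```

Any file type with a fixed header gives the known plaintext needed here; when the key is longer than the known bytes can confirm, `recover_key` raises instead of returning a partial guess.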