Chinese police have arrested the programmer behind the UNNAMED1989 / WeChat ransomware, which recently infected more than 100K users in China within a few days.
The UNNAMED1989 ransomware was released on December 1st and within days had infected 100,000 victims. It encrypted victims' files using XOR encryption and then displayed a QR code demanding a ransom of 110 yuan, or around €14, to be paid via WeChat.
According to reports by Chinese media, with the help of the Tencent and Qihoo 360 security teams, authorities were able to locate and arrest a 22-year-old man named Luo Moumou on December 5. After his arrest, Moumou admitted to creating this ransomware.
Moumou created an application that was very successful and spread quickly because it allowed users to steal Alipay accounts (Alipay is a company similar to PayPal) and get money. This application, however, contained the ransomware code as well as other tools to help spread the ransomware.
Since this ransomware had also stolen access passwords for popular Chinese websites, the authorities recommend that users in the Chinese market change their passwords for Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall and Jingdong.
Because the UNNAMED1989 ransomware used only XOR encryption, decryptors have been released by the Tencent team and the Velvet security team. Using these decryptors, victims can get their files back for free.
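Why XOR-only encryption makes a free decryptor possible, as an added example (not code from Tencent, Velvet or the original article): when the first bytes of a file type are known, XORing them with the encrypted file exposes the key. The repeating key, its length and the sample file below are assumptions constructed for illustration; the article does not describe UNNAMED1989's actual key scheme.

```python
from itertools import cycle

# First 16 bytes of every PNG file: 8-byte signature, IHDR chunk length and type.
PNG_HEADER = bytes.fromhex("89504e470d0a1a0a0000000d49484452")

# Constructed sample data (assumptions, not taken from the real ransomware).
SAMPLE_KEY = b"k3y!"
SAMPLE_FILE = PNG_HEADER + b"\x00\x00\x00\x20\x00\x00\x00\x20 constructed image body"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes, max_len: int = 16) -> bytes:
    """Recover a repeating XOR key from a known plaintext prefix.

    ciphertext XOR plaintext yields the keystream; the key is its shortest
    period. The key must repeat at least once inside the known prefix, so a
    wrong guess about the file type is rejected instead of returning garbage.
    """
    n = min(len(ciphertext), len(known_prefix))
    stream = bytes(c ^ p for c, p in zip(ciphertext[:n], known_prefix[:n]))
    for length in range(1, min(max_len, n // 2) + 1):
        if all(stream[i] == stream[i % length] for i in range(n)):
            return stream[:length]
    raise ValueError("no repeating key found; known prefix does not match this file")


def recover_file(ciphertext: bytes, known_prefix: bytes = PNG_HEADER) -> bytes:
    """Derive the key from the known header, then decrypt the whole file."""
    return xor_bytes(ciphertext, recover_key(ciphertext, known_prefix))


if __name__ == "__main__":
    encrypted = xor_bytes(SAMPLE_FILE, SAMPLE_KEY)
    print("recovered key:", recover_key(encrypted, PNG_HEADER))
    print("file restored:", recover_file(encrypted) == SAMPLE_FILE)
```

The same approach applies to any file format with a fixed header, which is why ciphers built on plain XOR do not protect data from recovery.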