Chinese Police Arrested UNNAMED1989 Ransomware Developer / WeChat which recently in China alone managed to infect over 100K users within a few days.
The UNNAMED1989 ransomware was released on December 1st and within days had infected 100.000 victims. This ransomware encrypted victims' files using XOR encryption and then displayed a code QR wherever asked ransom of 110 yuan or about €14 which should have been paid through WeChat.
According to reports by Chinese media, with the help of security teams Tencent and Qihoo 360, authorities were able to locate and arrest a 22-year-old man named Luo Moumou on December 5. After his arrest, Mumu admitted to creating this ransomware.
Moumou created an application that was very successful and quickly launched as it allowed users to steal its accounts. Alipay (this is a company similar to PayPal) and get money. This app, however, contained the ransomware code as well as more tools that helped spread the ransomware.
Since this ransomware had also stolen passwords for popular Chinese websites, authorities are advising Chinese market users to change the passwords for Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall and Jingdong.
UNNAMED1989 ransomware used only XOR encryption, and so on have been released by the Tencent team and the Velvet security team decryptors. Using these decryptors, victims can get their files back for free.