Tuesday, March 11, 2025
HomeComputer SecurityA New Ransomware Strain Spreading Rapidly and Infected More than 100,000 Computers

A New Ransomware Strain Spreading Rapidly and Infected More than 100,000 Computers

Published on

SIEM as a Service

Follow Us on Google News

A new ransomware strain spreading as a result of supply chain attack targeting Chinese users starting from December 1 and infected more than 100,000 computers.

The ransomware not only encrypting the system files, but it is also capable of stealing login credentials of popular Chinese online services such as Taobao, Baidu Cloud, NetEase 163, Tencent QQ, Jingdong, and Alipay.

Velvet security researchers who analyzed the ransomware variant found that the attackers added malicious code to easy language programming software and the malicious code will be injected to various other software compiled with it.

In total more than 50 software poisoned with the malicious code, and the ransomware operators using Chinese social networking Douban for C&C communication. The Ransomware also tracks the details of the software installed on the victim’s computer.

The following are the information collected from Victim machine’s, the ransomware operators primarily targeting Chinese users.

  • System version information, current system login username, system login time
    CPU model.
  • Screen resolution.
  • IP and broadband provider name.
  • Software installation information.
  • Security software process information.
  • Online shopping account login information, email login information, QQ number login information, network disk login information, etc.

Generally, Ransomware authors ask victims to make ransom payments through bitcoins, but with this campaign, the threat actors asked victims to make payment through WeChat payment app. Ransomware operators demand victims to pay a ransom of 110 yuan which is nearly $16.

Decryption tool released by Velvet team, WeChat have closed the account used for collecting ransom payments. Here you can see how to Defend the Ransomware Attack.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

“Eleven11bot” Botnet Compromises 30,000 Webcams in Massive Attack

Cybersecurity experts have uncovered a massive Distributed Denial-of-Service (DDoS) botnet known as "Eleven11bot."This new...

SideWinder APT Deploys New Tools in Attacks on Military & Government Entities

The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly...

Apache Pinot Vulnerability Allows Attackers to Bypass Authentication

A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for...

Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials

North Korea's Lazarus Group has launched a new wave of attacks targeting the npm...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

“Eleven11bot” Botnet Compromises 30,000 Webcams in Massive Attack

Cybersecurity experts have uncovered a massive Distributed Denial-of-Service (DDoS) botnet known as "Eleven11bot."This new...

SideWinder APT Deploys New Tools in Attacks on Military & Government Entities

The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly...

Apache Pinot Vulnerability Allows Attackers to Bypass Authentication

A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for...