Sunday, December 3, 2023

A New Ransomware Strain Spreading Rapidly and Infected More than 100,000 Computers

A new ransomware strain spreading as a result of supply chain attack targeting Chinese users starting from December 1 and infected more than 100,000 computers.

The ransomware not only encrypting the system files, but it is also capable of stealing login credentials of popular Chinese online services such as Taobao, Baidu Cloud, NetEase 163, Tencent QQ, Jingdong, and Alipay.

Velvet security researchers who analyzed the ransomware variant found that the attackers added malicious code to easy language programming software and the malicious code will be injected to various other software compiled with it.

In total more than 50 software poisoned with the malicious code, and the ransomware operators using Chinese social networking Douban for C&C communication. The Ransomware also tracks the details of the software installed on the victim’s computer.

The following are the information collected from Victim machine’s, the ransomware operators primarily targeting Chinese users.

  • System version information, current system login username, system login time
    CPU model.
  • Screen resolution.
  • IP and broadband provider name.
  • Software installation information.
  • Security software process information.
  • Online shopping account login information, email login information, QQ number login information, network disk login information, etc.

Generally, Ransomware authors ask victims to make ransom payments through bitcoins, but with this campaign, the threat actors asked victims to make payment through WeChat payment app. Ransomware operators demand victims to pay a ransom of 110 yuan which is nearly $16.

Decryption tool released by Velvet team, WeChat have closed the account used for collecting ransom payments. Here you can see how to Defend the Ransomware Attack.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles