A new ransomware strain spreading as a result of supply chain attack targeting Chinese users starting from December 1 and infected more than 100,000 computers.
The ransomware not only encrypting the system files, but it is also capable of stealing login credentials of popular Chinese online services such as Taobao, Baidu Cloud, NetEase 163, Tencent QQ, Jingdong, and Alipay.
Velvet security researchers who analyzed the ransomware variant found that the attackers added malicious code to easy language programming software and the malicious code will be injected to various other software compiled with it.
In total more than 50 software poisoned with the malicious code, and the ransomware operators using Chinese social networking Douban for C&C communication. The Ransomware also tracks the details of the software installed on the victim’s computer.
The following are the information collected from Victim machine’s, the ransomware operators primarily targeting Chinese users.
Generally, Ransomware authors ask victims to make ransom payments through bitcoins, but with this campaign, the threat actors asked victims to make payment through WeChat payment app. Ransomware operators demand victims to pay a ransom of 110 yuan which is nearly $16.
Decryption tool released by Velvet team, WeChat have closed the account used for collecting ransom payments. Here you can see how to Defend the Ransomware Attack.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited,…
A critical vulnerability in BigAntSoft's enterprise chat server software has exposed ~50 internet-facing systems to…
With the growing importance of security compliance for startups, more companies are seeking to achieve…
Two critical security flaws in IBM Storage Virtualize products could enable attackers to bypass authentication…
A newly disclosed path traversal vulnerability (CVE-2024-4885) in Progress Software’s WhatsUp Gold network monitoring solution…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3,…