Tripwire Blog summary: More Than 100,000 PCs in China Infected by New Ransomware Strain


This blog piece covers a newly discovered ransomware strain. In my opinion it is interesting because its authors made some bad decisions in building it and making it work, although it does have specific traits that make it a severe threat. First, it locks the computer and encrypts the files, then steals login credentials for cryptocurrency services, cloud platforms, email and shopping websites (Bisson, 2018). It collects its ransom through WeChat, which can be traced, and the payment is in yuan (used the way we use dollars) rather than bitcoin or any other cryptocurrency. It also stores the decryption key on the infected system, which allowed an anti-virus firm to build a tool to decrypt users' systems once it found the decryption key and discovered that the ransomware uses the XOR operation to encrypt the files.
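Why XOR encryption with a recoverable key can be undone, as an added example (not code from the article or from the anti-virus firm's tool): it assumes a repeating-key XOR, which the summary does not specify, and the key and sample file are constructed for illustration.

```python
from itertools import cycle

# Constructed sample values; the real key, key length and file layout
# are not given in the summary and are assumptions here.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"      # well-known 8-byte PNG file header
SAMPLE_KEY = b"K3y!"                  # constructed key
SAMPLE_FILE = PNG_MAGIC + b"constructed sample image data"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. The same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key_prefix(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Key stream leaked by a known header: key = ciphertext XOR plaintext."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def smallest_period(stream: bytes) -> bytes:
    """Shortest prefix that, repeated, reproduces the recovered key stream.

    If the real key is longer than the known header, this only yields
    the leading key bytes, not the whole key.
    """
    for size in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % size] for i in range(len(stream))):
            return stream[:size]
    return stream


def demo():
    """Encrypt the sample, then recover it two ways."""
    locked = xor_bytes(SAMPLE_FILE, SAMPLE_KEY)
    # Case 1: the key was left on the system, so decryption is one XOR pass.
    with_stored_key = xor_bytes(locked, SAMPLE_KEY)
    # Case 2: no key at hand, but the file type's header is known.
    guessed_key = smallest_period(recover_key_prefix(locked, PNG_MAGIC))
    with_guessed_key = xor_bytes(locked, guessed_key)
    return locked, with_stored_key, guessed_key, with_guessed_key


if __name__ == "__main__":
    locked, stored, key, guessed = demo()
    print("recovered key:", key)
    print("files match:", stored == guessed == SAMPLE_FILE)
```

The second case shows that even without the stored key, a predictable file header is enough to expose a short repeating XOR key.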
References
Bisson, D. (2018). More than 100,000 PCs in China infected by new ransomware strain. Retrieved from https://www.tripwire.com/state-of-security/security-data-protection/more-than-100000-pcs-in-china-infected-by-new-ransomware-strain/

