The beginning of December 2018 was a tense time in China for both ordinary internet users and cybersecurity specialists, because of one persistent and widespread threat called UNNAMED1989, also known as WeChat ransomware. This cryptovirus managed to infect over 100,000 computers within a matter of days, demanding a ransom of 110 Chinese yuan (about $16 USD) that had to be paid through the WeChat app. Encryption was not the only part of this virus that drove malware experts and local police to join forces to catch the crook: it also carried a password-stealing module that harvested login data for popular websites holding sensitive information, such as Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall and Jingdong.
Even if you, or your antivirus, were not aware of the password-stealing Trojan, you have most likely heard of or experienced the WeChat ransomware yourself, because its infection count sky-rocketed just like those of the infamous GandCrab, WannaCry and Locky. What set this cryptovirus apart was the very low ransom demand, when the average nowadays is around $1,000, and the unusual payment method through WeChat, the most used app in China for free messages and calls. Once UNNAMED1989 gets in, it locks files with an encryption routine, as every ransom-demanding threat does; in this case the routine was a simple XOR cipher rather than strong cryptography, which is one reason a free decryptor was possible. The pop-up ransom message then gives directions: “Your computer has been encrypted, please perform the following operations, scan the QR code, you need to pay 110 to decrypt”.
Fortunately, after a thorough investigation with help from the security companies Tencent and Qihoo 360, the mastermind behind the UNNAMED1989 virus was tracked down. On December 5th, 2018 the police arrested a 22-year-old Guangdong resident, Luo Moumou. After a long fight, the young man admitted responsibility for the commotion in Chinese cyberspace. Soon other shady works of Moumou came to the surface, like the “cheat” Trojan created earlier that year, in June, whose purpose was to steal the passwords and logins of Alipay users and then transfer any funds found to the hacker’s account. It is still unclear how much money Luo Moumou managed to collect with the malware he developed, and the police are still investigating the case.
Even though the hacker was arrested and the WeChat account that L. Moumou used to receive ransom payments was suspended on December 2nd, you may still be dealing with the consequences of UNNAMED1989/WeChat ransomware. Luckily, security professionals from Tencent and Velvet came up with a free ransomware decryptor, which you can find Here. In addition, if you were a victim of the WeChat virus, change your passwords on all platforms, especially the money-transfer app Alipay, Baidu Wangpan (Baidu Yun), Netease and the other services listed above; because the Trojan was built to exfiltrate credentials, do this from a device you know to be clean, and enable two-factor authentication where the service offers it. After decryption, the 2-viruses.com team also recommends running a scan with Spyhunter or another anti-spyware program to confirm that no component of the infection remains on the once-infected computer.
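To show why a fixed-key XOR scheme like the one described above can be undone without paying, here is an added Python example. It is written for this article and is neither the malware’s own code nor the Tencent/Velvet decryptor; the 8-byte key, file names and file contents are constructed for the demo, and the key length is not claimed to match the real sample. The idea is general: one intact copy of any encrypted file (a backup), or even just the well-known header bytes of a common file type, XORed against its encrypted twin gives the key back, and the period of the recovered keystream reveals the key length.

```python
"""Recovering a repeating XOR key from encrypted files.

Added example for this article: it is not the UNNAMED1989/WeChat
ransomware's code or key, nor the Tencent/Velvet decryptor. The key,
file names and file contents below are constructed for the demo.
"""
from itertools import cycle
from typing import Dict, Optional

# Constructed 8-byte demo key (NOT the real malware's key).
DEMO_KEY = b"\x5a\xc3\x19\x77\x02\xee\x41\x8d"

# Magic bytes of common file types: known plaintext that every victim has.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",  # also docx/xlsx/apk
    b"\xff\xd8\xff": "jpeg",
}

# Constructed victim files (contents invented for the demo).
ORIGINALS: Dict[str, bytes] = {
    "photo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x01\x00\x00\x00\x01\x00",
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
    "backup.zip": b"PK\x03\x04\x14\x00\x00\x00\x08\x00payload.txt",
}


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


# What the ransomware leaves behind: every file XORed with the same key.
ENCRYPTED: Dict[str, bytes] = {n: xor_bytes(d, DEMO_KEY) for n, d in ORIGINALS.items()}


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    """plaintext XOR ciphertext == the key byte actually used at each position."""
    n = min(len(plaintext), len(ciphertext))
    return bytes(p ^ c for p, c in zip(plaintext[:n], ciphertext[:n]))


def find_period(stream: bytes) -> Optional[int]:
    """Smallest p with stream[i] == stream[i+p] for all i. Only periods with at
    least two full repetitions are accepted, so a lone key block is not
    mistaken for a period; None means the known plaintext is too short."""
    for p in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i + p] for i in range(len(stream) - p)):
            return p
    return None


def recover_key(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Key from one intact original (e.g. a backup copy) and its encrypted twin."""
    stream = recover_keystream(plaintext, ciphertext)
    period = find_period(stream)
    if period is None:
        raise ValueError("known plaintext shorter than two key lengths; use a longer file")
    return stream[:period]


def recover_key_from_magic(ciphertext: bytes, magic: bytes, key_len: int) -> bytes:
    """No backup at all? The magic bytes of the file type are known plaintext too.
    This yields the whole key only when the header is at least key_len bytes;
    shorter headers give partial keys that must be combined across file types."""
    if len(magic) < key_len:
        raise ValueError("header shorter than key; combine several file types")
    return recover_keystream(magic[:key_len], ciphertext[:key_len])


def identify(data: bytes) -> Optional[str]:
    """Name the file type by its leading magic bytes, or None if unknown."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def decrypt_all(encrypted: Dict[str, bytes], key: bytes) -> Dict[str, bytes]:
    """Apply the recovered key to every encrypted file."""
    return {name: xor_bytes(data, key) for name, data in encrypted.items()}


def demo() -> bool:
    """Recover the key from one backed-up PDF, decrypt the rest, and check
    that every recovered file carries a recognisable header."""
    key = recover_key(ORIGINALS["report.pdf"], ENCRYPTED["report.pdf"])
    recovered = decrypt_all(ENCRYPTED, key)
    return all(identify(data) is not None for data in recovered.values())


if __name__ == "__main__":
    print("all files recovered:", demo())
```

The period check is what makes this safe to automate: a single known file that is shorter than twice the key length cannot prove the key repeats, so the function refuses rather than returning a truncated key that would corrupt every other file. Against a real sample you would run the same steps on one encrypted file plus its backup, then confirm the result on a handful of other files by checking their headers before touching the rest.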