A new piece of ransomware spreading rapidly across China has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack, and the number of infected users is continuously increasing every hour.
What’s Interesting? Unlike almost every other ransomware strain, the new virus doesn’t demand ransom payments in Bitcoin.
Instead, the attackers are asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China’s most popular messaging app.
Ransomware + Password Stealer — Unlike the WannaCry and NotPetya ransomware outbreaks that caused worldwide chaos last year, the new Chinese ransomware has been targeting only Chinese users.
It also includes the ability to steal users’ account passwords for Alipay, NetEase 163 email service, Baidu Cloud Disk, Jingdong (JD.com), Taobao, Tmall, AliWangWang, and QQ websites.
A Supply Chain Attack — According to Chinese cybersecurity and anti-virus firm Velvet Security, attackers added malicious code into the “EasyLanguage” programming software used by a large number of application developers.
The maliciously modified programming software was designed to inject ransomware code into every application and software product compiled through it, another example of a software supply-chain attack used to spread the virus rapidly.