UNNAMED1989 WeChat ransomware authors get arrested by Chinese police

Chinese authorities arrested a 22-year-old perpetrator on December 5th

WeChat ransomware author's arrestWeChat ransomware author, the 22-year old Luo Moumou, was arrested on December the 5th.

Tencent and Qihoo 360 security researchers helped Chinese police to find the culprit that was responsible for the development and the release of UNNAMED1989 WeChat ransomware. The 22-year-old Luo Moumou was arrested in Guangdong province on December the 5th. The police also confiscated a variety of computing tools used in the extortion operation.

The poorly coded ransomware managed to infected more than 100,000 users[1] since it was first released on December the 1st. It encrypted users' files with the help of XOR encryption algorithm and displayed a QR code which would help users to complete the payment of 110 Yuan (16USD) via the free messaging and calling app WeChat. According to Tencent, the account that perpetrator used was shut down on December the 2nd.

Additionally, the malware managed to steal 50,000 passwords from victims' accounts, including Chinese online shopping app Taobao, online payment platform Alipay, the IT company NetEase, cloud service Baidu Wangpan and a few others.

According to the official report from Weibo.cn, this type of case was the first in China:[2]

This type of case was the first one in China. The successful detection of the case blocked the further expansion of the virus's invasion of the whole network computer system and effectively curbed the further spread of the virus.

Luo Moumou is now in custody, and police are investigating the case further.

Decryptors for ransomware created

Security researchers are continually working on creating decryptors for different ransomware, and the attempts were successful in GandCrab,[3] GlobeImposter, Jigsaw, Cerber, and many other cases. Because the UNNAMED1989 WeChat ransomware used primitive encryption, security researchers from Tencent and the Velvet Security Team managed to crack the code and release a free decryptor.[4]

While the outcome of WeChat ransomware ended relatively well (the culprit arrested, data decrypted), it still led to 50,000 users personal data compromise. Therefore, no malware should be taken lightly, considering a simple code of UNNAMED1989 managed to infect 100,000 victims.

Chinese cybercrime is on the rise

UNNAMED1989 WeChat ransomware is not the first cyber threat developed by Moumou. In June 2018, he created a “cheat” that allowed him to steal passwords of Alipay accounts and then transfer the funds to himself. The malware could also record keystrokes and upload all the data onto the remote server. According to the report, the code was published on the internet.

Back in April, Chinese police arrested cybercriminals that were selling sensitive information for as little as $2 on the black market. The culprit made more than $17,000 by selling the data during the 5-month operation span.

In September, the police arrested a 30-year old man who was allegedly stealing customer data from Huazhu Group – the Shanghai-based hotel operator. According to reports, almost 500 million pieces of data that related to customers was breached.

China was also accused of producing spying microchips that were used in hardware of major American companies.[5] Nevertheless, both China and corporations like Apple and Amazon deny the allegations.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions