First Ransomware via WeChat Pay Attacks China
Xu Wei|Zhang Yushuo
/SOURCE : yicai
First Ransomware via WeChat Pay Attacks China

 (Yicai Global) Dec. 4 -- Tech titan Tencent Holdings has closed and banned accounts suspected of using a virus infection to extort ransoms and frozen their payment portals to ensure security after users reported ransomware attacks demanding payment via WeChat Pay, the company said.
This is the first time in China for ransomware to extort payment via WeChat.

Internet security technology developer Beijing Huorong Network Technology has received user requests for help from the attacks since last week, it announced today. The virus (Ransom/Bcrypt) is a new type of ransomware which invades users' computers, encrypts files and forces those affected to scan a WeChat QR code to pay CNY110 (USD16) to obtain a decryption key. 

At least 20,000 computers in China have been affected by the virus, which also accesses passwords to the Taobao e-commerce platform of tech juggernaut Alibaba Group Holding, and its Alipay third-party payment platform, as well as emails, Huorong Network Technology confirmed.

After encrypting the file, the ransomware opens a popup that says an affected user must pay the ransom before Dec. 3 to get the key, which will the hacker's server will automatically delete if payment is made after the designated time.

The WeChat QR code and the server are no longer accessible after the infection, however, users attacked by the virus claimed on social media, which means that they cannot pay to acquire the decryption key.

Editor: Ben Armour

Follow Yicai Global on
Keywords: ransom , WeChat , Virus