Chinese Authorities Seize Ransomware Creators Distributing WannaCry Copycat for Android

Chinese police caught a pair of young people who spread a variant of the SLocker Android ransomware that was modified to resemble WannaCry, another ransomware that spread around the globe in the course of May, infecting Windows users.

The two arrests happened at the beginning of June, just several days after infosec specialists from Tencent and Qihoo 360 had discovered the initial attacks.
The ransomware was disguised as a plugin for a widespread and trendy Chinese mobile game called King of Glory.

This WannaCry copycat was derived from a recent version of the SLocker ransomware, an Android malware family which saw a renaissance in the first quarter of 2017.

Law enforcement representatives stated the ransomware authors managed to infect around one hundred user devices. The ransomware's effect was minimal since its creators didn’t possess the expertise and knowledge required for massive distribution. The pair of criminals used hyperlinks on Chinese discussion boards and community forums to distribute their fake King of Glory plugin.

The ransomware authors made a number of opsec slip-ups and failures, which led to their arrests.

When malware experts initially discovered this Android ransomware campaign, they noticed the insufficient knowledge and skills of its authors, as the gang chose easy-to-track means of payment to handle transactions from infected individuals.

The crooks asked victims to send 40 Chinese Renminbi, approximately 6 USD, using Chinese transaction services like Alipay, QQ and WeChat. Those transactions left a trail leading back to the criminals, because finances are heavily controlled in China.

Police didn’t mention how they tracked down the criminals; however, officers noted that on June 7 they arrested a 20-year-old male called Chen from the town of Wuhu in Anhui province, and a 13-year-old youngster called Jinmou from the town of Anyang in Henan province.

Cops state the older guy was responsible for building the ransomware, and the second person was responsible for the distribution.

The hackers were caught just five weeks after they started creating their ransomware. Police confiscated phones and other digital gadgets from the two suspects. Investigators declared they discovered 34 different malware samples on the confiscated devices.

The investigation indicates the pair began creating their ransomware in May and launched it on June 2. As a consequence of the errors and common mistakes the two made in managing payments and poorly covering their tracks, they both ended up in police custody within 7 days of launching their ransomware operation.

Chinese security organization Tencent played an essential role in analyzing the malware and unmasking the criminals.
