The username is changed to "contact us if you want to know the password"

Aug 21, 2013 12:04 GMT

Most pieces of ransomware – malware that locks computer screens and then demands payment – are developed in Russia and Ukraine. However, Symantec experts have spotted an interesting Chinese version of the threat.

The Ransomlock variant analyzed by Symantec, Trojan.Ransomlock.AF, was developed in Easy Programming Language and is mainly distributed via a popular Chinese IM application.

Once it infects a computer, the malware changes the Windows login password of the current user to “tan123456789.” In addition, it changes the account name to “contact [IM ACCOUNT USER ID] if you want to know the password.”

If victims contact the IM account provided by the cybercriminals, they’re instructed to pay 20 Chinese Yuan ($3.25 / €2.42) if they want the new password.

Symantec experts have been able to determine the password because it’s hardcoded in the sample they’ve analyzed. However, the cybercriminals can change it at any time.
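The password change and account rename described above both leave records in the Windows Security log when user account management auditing is enabled (event 4723 or 4724 for the password, 4781 for the rename). As an added example, not from Symantec or the original article, this Python code correlates the two for the same account SID over constructed sample events; the record layout, the five-minute window and the multi-word-name heuristic are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real host), shaped like exported
# Windows Security log records. Names and SIDs are placeholders.
SAMPLE_EVENTS = [
    {"time": "2013-08-21T10:00:05", "id": 4724, "TargetSid": "S-1-5-21-1-1001",
     "TargetUserName": "alice", "SubjectUserName": "alice"},
    {"time": "2013-08-21T10:00:07", "id": 4781, "TargetSid": "S-1-5-21-1-1001",
     "OldTargetUserName": "alice",
     "NewTargetUserName": "contact EXAMPLE-ID if you want to know the password",
     "SubjectUserName": "alice"},
    {"time": "2013-08-21T11:30:00", "id": 4781, "TargetSid": "S-1-5-21-1-1002",
     "OldTargetUserName": "bob", "NewTargetUserName": "robert",
     "SubjectUserName": "admin"},
    {"time": "2013-08-21T15:00:00", "id": 4724, "TargetSid": "S-1-5-21-1-1003",
     "TargetUserName": "carol", "SubjectUserName": "admin"},
]

PASSWORD_EVENTS = {4723, 4724}   # password change attempt / reset attempt
RENAME_EVENT = 4781              # the name of an account was changed

def looks_like_message(name):
    """Heuristic (assumption): a real logon name rarely has several words."""
    return len(name.split()) >= 3

def find_lockout_renames(events, window=timedelta(minutes=5)):
    """Return alerts where one account SID is renamed and has its password
    changed within `window`; mark new names that read like a sentence."""
    pw_times = {}
    for ev in events:
        if ev["id"] in PASSWORD_EVENTS:
            pw_times.setdefault(ev["TargetSid"], []).append(
                datetime.fromisoformat(ev["time"]))
    alerts = []
    for ev in events:
        if ev["id"] != RENAME_EVENT:
            continue
        t = datetime.fromisoformat(ev["time"])
        hits = pw_times.get(ev["TargetSid"], [])
        if any(abs(t - p) <= window for p in hits):
            alerts.append({"sid": ev["TargetSid"], "old": ev["OldTargetUserName"],
                           "new": ev["NewTargetUserName"],
                           "message_like": looks_like_message(ev["NewTargetUserName"])})
    return alerts

if __name__ == "__main__":
    for alert in find_lockout_renames(SAMPLE_EVENTS):
        print(alert)
```

An ordinary rename (bob to robert) or an isolated password reset does not alert on its own; only the pairing on one SID does.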