Police arrest suspect in WeChat ransomware attack

Police from China’s Guangdong province have arrested a 22-year-old man surnamed Luo allegedly responsible for creating the country’s first ransomware that requires payment through WeChat.

Law enforcement from the southern city of Dongguan made the announcement on microblogging platform Weibo yesterday (Dec. 6), adding that the suspect, from the province’s Maoming city, was arrested on Dec. 5.

The malware, which was first discovered on Dec. 1, encrypted files on its victims’ computers. It also stole 50,000 user passwords and other data from users of online marketplace Taobao, mobile payment platform Alipay, and cloud service Baidu Wangpan. The ransomware infected more than 100,000 computers.

Victims were then required to use WeChat to pay RMB 110 (around $16) to decrypt their files. Tencent said the payment account was shut down as of Sunday (Dec. 2).

According to the police statement, this is not the first piece of malicious software the suspect has developed. In June 2018, he allegedly created malware capable of stealing Alipay passwords to transfer a victim’s funds.

Data theft has become an increasingly common problem in China. In April, a group of data thieves was found selling personal information for as little as $2. One of those arrested said he had made more than $17,000 between December 2017 and the time he was caught.

In a similar case, police from Wuxi in the eastern Chinese province of Jiangsu uncovered a sophisticated network of data thieves that made up to RMB 1 million trading personal information. The group’s decentralized nature was novel, with its network stretching across numerous Chinese provinces and into Southeast Asia.

In other instances, Apple affiliates have been found stealing iPhone users’ data, while data belonging to users of some of the country’s biggest food delivery platforms was sold for as little as RMB 0.10.