
Ransomware Infects 100K PCs in China, Demands WeChat Payment - known
https://movaxbx.ru/2018/12/05/ransomware-infects-100k-pcs-in-china-demands-wechat-payment/
======
omarforgotpwd
Lol. This is the programmer equivalent of dumb crooks

1. Sends money to a centralized service that can track his account, must
share info with Chinese government

2. Forgot to register domain privately

3. Instead of using DES or RSA, he just XOR'd the file with a key he
hard-coded in the file

4. He apparently left his name and phone number in the code?

5. When they looked at what servers it was pinging, they were able to gain
access because it had not been properly secured

Am I missing anything else?
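Point 3 in the list above is the one with a concrete technical lesson, so here is an added example (mine, not the commenter's and not the malware's code) of why a fixed XOR key baked into the program provides no confidentiality. The data, the key and the assumption that a defender knows the first 32 bytes of one file from its format header are all constructed for the demo; the technique is the general known-plaintext recovery that lets files be restored without the author's cooperation.

```python
"""Why a hard-coded, repeating XOR "key" gives no confidentiality.

Constructed demo: files are "encrypted" by XORing them with a short
repeating key baked into the program. A defender who knows what the
start of one file must look like (its format header) XORs that known
plaintext against the ciphertext, obtains the keystream, finds its
period, and then decrypts every other file with the same key.
"""
from itertools import cycle


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Symmetric: the same call encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def smallest_period(stream: bytes) -> int:
    """Smallest p such that stream repeats every p bytes; len(stream) if none."""
    n = len(stream)
    for p in range(1, n):
        if all(stream[i] == stream[i + p] for i in range(n - p)):
            return p
    return n


def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Known-plaintext recovery: keystream = C xor P over the known prefix;
    the key is one period of that keystream. Only reliable when the known
    prefix is at least twice the key length, so the period can be confirmed."""
    if len(known_prefix) > len(ciphertext):
        raise ValueError("known prefix longer than ciphertext")
    keystream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    period = smallest_period(keystream)
    if period * 2 > len(keystream):
        raise ValueError("known prefix too short to confirm the key period")
    return keystream[:period]


# Constructed sample data (hypothetical; not from any real incident).
HARDCODED_KEY = b"s3cr3tK!"
DOC_A = b"%PDF-1.7\n% constructed sample document A\nhello world\n"
DOC_B = b"%PDF-1.7\n% constructed sample document B\nsecond file\n"


def demo() -> dict:
    """Encrypt two files with the hard-coded key, recover the key from the
    first file's known 32-byte header, and decrypt the second file with it."""
    enc_a = xor_cipher(DOC_A, HARDCODED_KEY)
    enc_b = xor_cipher(DOC_B, HARDCODED_KEY)
    # The defender sees only ciphertexts plus what a file of this type starts with
    # (assumption for the demo: the first 32 bytes are known from the format).
    known_header = DOC_A[:32]
    recovered = recover_key(enc_a, known_header)
    return {"recovered_key": recovered, "decrypted_b": xor_cipher(enc_b, recovered)}


if __name__ == "__main__":
    result = demo()
    print(result["recovered_key"])
    print(result["decrypted_b"].decode())
```

The period check is what makes the recovery robust: with a known prefix shorter than two key lengths, the recovered keystream could be mistaken for a shorter key, so the function refuses rather than guessing. Any scheme where the same key is reused across every file and is recoverable from the program itself fails in exactly this way, which is why real confidentiality needs a per-victim key that never leaves the attacker's side; from the defender's view, that same weakness is what makes a decryptor possible.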

~~~
lifeformed
Hmm... What if it was intentional, to frame someone else?

~~~
lordnacho
So, person is either just dumb or playing 8 dimensional chess. I know what I
think.

I normally come to the same conclusion when I'm thinking about politics.

~~~
dsfyu404ed
This isn't 8-dimensions.

For someone who works in this space this would be a simple framing attempt. I
give that like one dimension, maybe one and a half. In reality it's probably
just a dumb crook or someone doing it for the lulz.

~~~
hhh
Someone has a bot that scrapes Github for Discord bot tokens and deletes all
content in servers it has permissions in and replaces it with info saying X
person did it and to "come to his house."

Stuff like that is pretty common I feel for people to use against their
enemies. Especially if it was designed to be small and got out of hand.

------
judge2020
Since WeChat is a central authority, it would be foolish to ask for payment to
the ransomware author's actual WeChat ID. It's very likely whatever ID they're
asking for payments to is automatically generated/pulled/guessed/etc. so that the
ransomware's only purpose is to cause havoc and/or waste the government's
time. If the ransomware was created to earn money it would ask for
cryptocurrency like all the others, but then it wouldn't have made as many
headlines.

~~~
zero_iq
Alternative possibility: given the simple, traceable, almost begging-to-be-
caught nature of the malware, and that it so easily led researchers to a name
and address of a potential author, perhaps its goal is actually to frame
someone... to take out a rival hacker, revenge, lulz, ...?

Not saying it's what's actually happening here, but it's something that has
crossed my mind before about malware - that it would be comparatively easy to
lead one or more false trails to shift blame for whatever reason, and I wonder
how many pieces of malware have actually managed to pull this off, and pinned
the blame on an obvious target, e.g. Chinese government, "russian hackers",
etc.

~~~
tomc1985
That, or the creator is just stupid

Reads to me like someone writing viruses that doesn't know a thing about
writing viruses

~~~
autokad
> "Reads to me like someone writing viruses that doesn't know a thing about
> writing viruses"

someone who infected 100,000 machines knows at least 'a thing' about writing
viruses

~~~
tomc1985
I mean yes, it is a remarkable technical achievement.

To use the analogy of an art thief, this is as if he had simply smashed some
glass and made a run for it, without dealing with security systems and
whatnot. He might make it out the door, but now the museum has him on video,
they have his fingerprints, and they're probably going to get the stolen art
back.

------
cauldron
"WeChat Payment"

Although it's a little tricky here, once you have acquired the necessary Chinese
IDs with debit cards (more than easy), it's not too hard; old people in
villages are more than willing to sell theirs for several hundred RMB.

As for authorities, oh, they are more busy maintaining social stability. If
your case (assuming they allow you to register your case, since it's obviously a
dead end that affects their stats vital for promotion) is lucky enough to be
included in an operation a couple of months later, then maybe they can find out
which countries these hustlers are in, and case closed.

~~~
onetimemanytime
>> _As for authorities, oh they are more busy maintaining social stability_

Never embarrass the powers that be, though; 100K PCs and growing daily is not
a small incident.

~~~
notahacker
Yeah. I'm thinking the real issue with using a single set of probably
bought/stolen ID and infecting a few hundred thousand PCs is that you attract
just enough attention for the authorities to be motivated to track you down.
And unlike cybercriminals attacking mostly Western targets, I doubt they're
safely overseas.

------
hkai
How is it done if every WeChat account has to be tied to a real life ID and
vouched for by several established users?

~~~
pixelperfect
I've heard this before but I created a WeChat account last week and didn't
have to provide anything other than a phone number for a SMS verification
code.

~~~
dangrover
In China, when you get a phone number, you have to give them your national
ID/身份证. So anything you authenticate with a phone number could be traced back
to you.

------
gcbw2
for anyone saying this is outright dumb, remember they are criminals.

They are probably receiving the money in different, probably years-old, honest
accounts, whose real owner is compromised (e.g. hacked, or being coerced
under threats to send the payment out as soon as it is received, etc.).

Not seeing this is why developers should not assume they can wear the threat
modeler hat.

Also, when you are a B2C like ransomware folks are, it is very hard to make
the victim get bitcoins even if their life depends on the data you are holding
hostage. Using WeChat in China gets them zero attrition.

------
C1sc0cat
Someone's family's going to get a bill for a 9mm pill.

------
gruez
what's the point of this when the money is obviously going to be frozen/seized by
the authorities?

------
otoburb
Ironically, because of government reach and close technology company
collaboration, including significant minority stakes in such companies, it
would seem that malware groups operating in China have to be a lot better than
their counterparts operating in other countries to remain at large for very
long.

~~~
onetimemanytime
Russia is probably the best bet, not China. No extradition and pay FSB their
share, and you may have the _best_ chance on earth to get away with these
things.

