Chinese law enforcement have arrested the developer of the UNNAMED1989 / WeChat Ransomware that recently took China by storm and infected over 100K users in a few days.
The UNNAMED1989 Ransomware was released on December 1st and in a matter of days infected 100k victims. This ransomware would encrypt a victim's files using XOR encryption and then display a QR code demanding a ransom payment of 110 Yuan, or approximately $16 USD, to be paid via WeChat.
UNNAMED1989 / WeChat Ransomware
According to a report from Chinese media, with the help of Tencent and Qihoo's 360 Security teams, the authorities were able to track down and arrest a 22-year-old man named Luo Moumou on December 5th. After his arrest, Moumou allegedly admitted to the creation of this ransomware.
Ransomware Arrest
This report states that Moumou created a development module that was promoted as allowing users to steal Alipay accounts and their associated funds. This module, though, contained the ransomware code and any other programs that utilized the module would help to spread the ransomware.
"In June 2018, Luo Moumou independently developed the virus "cheat", which was used to steal the account password of others Alipay, and then steal funds by means of transfer," stated a report by "At the same time, a development software module containing the "cheat" Trojan virus code is produced and published on the Internet."
As this ransomware would also steal passwords for popular Chinese sites, the authorities are recommending that users change the password for Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall and Jingdong.
Moumou has been criminally detained by the police as the case is further investigated.
Decryptors available for the UNNAMED1989 Ransomware

Thankfully, the UNNAMED1989 Ransomware only utilized XOR encryption, so decryptors have been released by Tencent and the Velvet Security Team.

Using these decryptors, victims can get their files back for free.
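Why XOR-only encryption makes file recovery possible, as an added example (not code from the article, Tencent or the Velvet Security Team): it assumes a short repeating XOR key, which the article does not specify, and uses the fixed first 16 bytes of a PNG file as known plaintext. The key and sample file below are constructed.

```python
from itertools import cycle
from typing import Optional

# Every valid PNG starts with these 16 bytes: the 8-byte signature,
# then the IHDR chunk length (always 13) and the chunk type "IHDR".
PNG_HEADER = bytes.fromhex("89504e470d0a1a0a") + b"\x00\x00\x00\x0dIHDR"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. The same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes) -> Optional[bytes]:
    """Recover a repeating XOR key from a known plaintext prefix.

    ciphertext XOR plaintext yields the keystream. The shortest period that
    reproduces the whole keystream is taken as the key. The period must fit
    at least twice into the known prefix, so a non-matching file type (or a
    key longer than half the prefix) returns None instead of a wrong key.
    """
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return None


def demo() -> tuple:
    """Encrypt a constructed PNG-like file, then recover it without the key."""
    secret_key = b"K3y!"                                # constructed key
    original = PNG_HEADER + b"constructed image body"   # constructed sample file
    encrypted = xor_bytes(original, secret_key)

    key = recover_key(encrypted, PNG_HEADER)
    restored = xor_bytes(encrypted, key) if key else None
    return key, restored, original


if __name__ == "__main__":
    key, restored, original = demo()
    print("recovered key:", key)
    print("file restored:", restored == original)
```

The same approach works with any file format that has a fixed header; a cipher with a per-file random key and a real keystream (for example AES in an authenticated mode) would not leak the key this way.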
Thx to Fly for the tip!