New ransomware demands payment over WeChat Pay in China

The digital wallet is one of two that are most commonly used in China. But the internet is unfazed.

WeChat Pay is an ubiquitous payment method in China.
Miguel Candela / SOPA Images/SOPA Images/LightRocket via Getty Images

Ransomware attacks may have dwindled since the destructive days of WannaCry and NotPetya last year, but a new one has struck mobile-centric China and it's asking for ransom through one of the country's most popular methods of payment.

Over 20,000 computers have fallen victim to an unnamed ransomware that is demanding payment via WeChat Pay, local media reported today, adding that the number is still growing. WeChat Pay, owned by Chinese tech giant Tencent, is one of China's two most commonly used digital wallets in the country.

Files on the affected devices are encrypted by the ransomware. It also steals passwords to popular sites including shopping platforms Taobao, Tmall and, as well as digital wallet Alipay, Baidu Cloud, internet company NetEase's 163 email service and Tencent's instant messaging platform QQ.

To regain access to the files, users are asked to scan a WeChat QR code that appears in a pop-up window and pay 110 yuan (about $16) in ransom.

While data breaches are happening too often and typically have people worried about the harm these can cause, it doesn't look like people in China are too worried about having their Alipay accounts taken. Comments on Weibo cite a confidence in Alipay's security. And if it fails? "At least my account is insured," said one user.

Screengrab by Zoey Chong/CNET

Some are thankful they have "no money," while others wondered why anyone would want to steal an Alipay account unless they intended to help users pay for their Huabei credit bills. Huabei is a service by Alibaba's Ant Financial company which is similar to a credit card.

Screengrab by Zoey Chong/CNET

One user summarised the online sentiments best, asking, "This is silly, you should [ask for] Bitcoin."

Screengrab by Zoey Chong/CNET

It doesn't mean no one is worried at all though. One user warned the perpetrator not to touch his cloud account.

Screengrab by Zoey Chong/CNET
Now playing: Watch this: Ransomware is so big, hackers are staffing help desks