
Chinese ransomware changes Windows login account name and password


Ransomware originating in China is not seen that often. This variant, however, uses a new technique to force infected users to pay to unlock their computer.

According to Symantec's analysis, it is written in Easy Programming Language. When a computer is compromised, the threat changes the login account name and password of the current user. The computer then restarts, and the new credentials are in effect afterwards.

The user can no longer log in to the account. The victim sees the account name/message and has to contact the user ID shown in order to get the new password.

Credit to Symantec

The infected user is instructed to pay 20 Chinese Yuan ($3.25) to get the new password.

Symantec lists the following solutions in its blog:

  1. Use password “tan123456789” to log into the system and reset the password (as mentioned before, this might not always work as the password may be changed by the malware author)
  2. Use another administrator account to log into the system and reset the password
  3. If your current account is not a super administrator account, enter safe mode and log in as super administrator and then reset the password
  4. Use Windows recovery disk to reset the password
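
For detection, the behaviour described above (the current user's account renamed and its password replaced shortly before a restart) can be looked for in the Windows Security log. The following is an added example, not code from Symantec or from the original post; it assumes User Account Management auditing is enabled so that events 4781 (account name changed) and 4724 (password reset attempt) are recorded, and the sample records, SIDs, names and the five-minute window are constructed for illustration.

```python
from datetime import datetime, timedelta

RENAME, PW_RESET = 4781, 4724  # Security log IDs: account name changed / password reset attempt
WINDOW = timedelta(minutes=5)  # assumed correlation window; tune per environment

# Constructed sample records (not from a real incident), reduced to the fields used here.
SAMPLE_EVENTS = [
    # An administrator resets another user's password: no rename, so no alert.
    {"id": 4724, "time": "2024-01-01T09:00:00", "subject_sid": "S-1-5-21-0-0-0-500",
     "target_sid": "S-1-5-21-0-0-0-1002"},
    # A process in the user's own session renames that account, then resets its password.
    {"id": 4781, "time": "2024-01-01T10:15:02", "subject_sid": "S-1-5-21-0-0-0-1001",
     "target_sid": "S-1-5-21-0-0-0-1001", "old_name": "alice", "new_name": "constructed-contact-text"},
    {"id": 4724, "time": "2024-01-01T10:15:03", "subject_sid": "S-1-5-21-0-0-0-1001",
     "target_sid": "S-1-5-21-0-0-0-1001"},
    # A rename with no password reset near it: no alert.
    {"id": 4781, "time": "2024-01-01T14:00:00", "subject_sid": "S-1-5-21-0-0-0-500",
     "target_sid": "S-1-5-21-0-0-0-1003", "old_name": "bob", "new_name": "robert"},
]

def find_rename_and_reset(events, window=WINDOW):
    """Return one alert per account that was renamed and password-reset within `window`."""
    by_target = {}
    for ev in events:
        if ev["id"] in (RENAME, PW_RESET):
            by_target.setdefault(ev["target_sid"], []).append(ev)
    alerts = []
    for sid, evs in by_target.items():
        renames = [e for e in evs if e["id"] == RENAME]
        resets = [e for e in evs if e["id"] == PW_RESET]
        for ren in renames:
            t_ren = datetime.fromisoformat(ren["time"])
            near = [p for p in resets
                    if abs(datetime.fromisoformat(p["time"]) - t_ren) <= window]
            if near:
                alerts.append({
                    "target_sid": sid,
                    "old_name": ren["old_name"],
                    "new_name": ren["new_name"],
                    # True when the account changed itself, as the current user's session would.
                    "self_changed": ren["subject_sid"] == sid
                                    and all(p["subject_sid"] == sid for p in near),
                })
                break  # one alert per account is enough
    return alerts

if __name__ == "__main__":
    for alert in find_rename_and_reset(SAMPLE_EVENTS):
        print(alert)
```

An alert with `self_changed` set is the case worth triaging first, since a legitimate rename or reset is normally performed by a separate administrator account.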
