Officials in China have been struck by a a ransomware email attack, named the GandCrab V5.2 ransomware that has reportedly hit thousands.

The report from National Network and Information Security Information Center, GandCrab V5.2 has been raging in China since March 11, 2019, attacking thousands of computers, enterprises and related research institutions.

According to bitcoin exchange guide, for users that run the Gandcrab file, it encrypts the hard disk data of the victim and pushes them to download the Tor browser. In this way, the attacker logs into the attackers crypto payment window. Users have to pay a ransom to unlock the computer.

The problem is not over yet as cybersecurity analyst David Montenegro pointed out to ChainNews, the GandCrab V5.2 ransomware is currently infected with thousands of Chinese computers, and will continue to affect more Chinese computers by means of long-range attacks.

Reports in China have also shed light on how the perpetrators carried out the attack. Chain News said:

“The attacker will send an email to the victim’s mailbox with the subject “You must report to the police station at 3 pm on March 11!”, the sender name is “Min, Gap Ryong”, and the email attachment name is “03” -11-19.rar”.

Email example (Source: ChainNews)

Then, once the victim downloads and opens the attachment, GandCrab V5.2 will encrypt the user’s host hard drive data after running, and let the victim access the specific URL to download the Tor browser, and then log in to the attacker’s cryptocurrency payment window through the Tor browser. The victim is then required to pay a ransom..

This is not the first big ransomware attack that has taken place. In 2017, WannaCry Bitcoin ransomware attacked more than 150 countries, including China, causing losses of more than $8 billion.