
December 5, 2018 New ransomware case
On December 5, 2018 (October 28, 2018 in the lunar calendar), a new ransomware case was found. On December 10, 2018, the much-hyped threat alert over the new ransomware finally came to an end. With the assistance of Tencent's security team and others, the Dongguan Internet Police, under the overall command of the Provincial Public Security Department's Cyber Police Corps, solved within 24 hours the "12.05" case of a new ransomware virus damaging computer information systems, arrested one virus developer and producer, and seized a batch of Trojan horses and criminal tools. Solving the case promptly blocked the virus from intruding further into computer systems across the network and effectively curbed its spread.
Only a few hours after the virus appeared, Tencent Computer Butler received a report from a user, closely tracked and analyzed the virus, and then fully cracked its encryption mechanism, providing netizens with multiple versions of decryption tools as soon as possible. At the same time, the WeChat security team immediately blocked the ransomware author's accounts and urgently froze the QR code used for receiving money. The property and accounts of Weixin Pay users were not threatened.
After quickly identifying clues related to the criminal suspect, Tencent's security team reported the case to the police as soon as possible. The Dongguan Cyber Police Detachment responded quickly after receiving the clue issued by the Cyber Police Corps of the Provincial Public Security Department. At 22:00 on December 4, it accurately established that the suspect's true identity was Luo Moumou (male, 22 years old, from Maoming, Guangdong). The suspect Luo Moumou was arrested at 15:00 on December 5, 2018, and the "12.05" case of a new ransomware virus damaging computer information systems was solved within 24 hours.
After interrogation, the suspect Luo Moumou confessed that he had made a new ransomware virus to damage computer information systems. According to his confession, in June 2018 Luo Moumou independently developed the virus "cheat" (the version spread later added an encrypting ransomware function and was named the "Anonymous 1989" ransomware virus by security vendors), which was used to steal other people's Alipay accounts and passwords and then steal funds through transfers. At the same time, he produced and released on the Internet a software development module containing the "cheat" Trojan code. Any application written with this development software contains the Trojan code. The code runs automatically in the background, records the user's account passwords for services such as Taobao and Alipay as well as keyboard operations, and uploads them to a server.
(Photo: the criminal suspect Luo Moumou. Photo source: Ping An Dongguan.)
Unlike other ransomware viruses, the "Unknown 1989" ransomware virus did not directly modify file suffixes. Once a computer is infected, the ransomware encrypts valuable data such as txt and Office documents on it, places a shortcut on the desktop reading "Your computer files have been encrypted, click here to decrypt", pops up a decryption tutorial and a payment QR code, and finally forces the victim to pay the decryption fee by transferring money from a mobile phone. It was precisely because the criminal suspect used the "QR code to collect money" method to carry out the extortion that this ransomware incident was at one point misinterpreted as a "payment virus." In fact, this ransomware is a new type of computer virus that mainly infects Windows systems through emails, Trojanized programs, and websites implanted with Trojans. Neither Apple phones nor Android phones will be infected. Ordinary users don't have to worry too much.
The anti-virus software on their computers can intercept the virus after being upgraded. Tencent Security, especially WeChat, has always had "zero tolerance" for any form of online black-market crime. It has been continuously cracking down on the online black market, achieving precise strikes across the entire chain. WeChat currently has the most secure account protection system in the industry. It reminds users about and confirms high-risk transaction scenarios through background risk control strategies to protect user payment and property security. Tencent Computer Housekeeper and Tencent Mobile Housekeeper also provide the strongest security protection for users' computers, mobile phones, and Internet use.
At present, the suspect Luo Moumou has been criminally detained by the police in accordance with the law, and the case is under further investigation.
Ma Jinsong, head of Tencent's Security Anti-Virus Laboratory and security expert at Tencent Computer Butler, reminded users that important data should be backed up regularly. The built-in Document Guardian function of Computer Butler uses redundant disk space to back up document data. In extreme circumstances, users can use Document Guardian to restore documents. At the same time, users should be cautious about downloading software of unknown origin and keep security software such as Computer Butler turned on so that ransomware behavior is intercepted and killed in real time. In addition, infected users who do not use Computer Housekeeper can download a keyless decryption tool from the Computer Housekeeper official website to fully recover encrypted documents, and should change their passwords on online platforms as soon as possible to prevent further losses.


News raw data sources → https://www.abtool.cn/today_detail/1ck4.html

17WorldNews [2025.09.14-16:03] Views: 83
Copyright © 17ljfl.com · World News
The information collected on this site is all from public data information on the Internet, and the authenticity of the query results is for reference only!