Cheng Xilun is a one-off ransomware, and it isn't at risk of becoming a concern. However, about five years later another ransomware derived from it, called D0glun, was created. The evidence that Cheng Xilun and D0glun are related is in the file details. The file details for Cheng Xilun are as follows:
Copyright: QQ424714982 TG@CXL13131
Product: 8180VPN
Description: QQ424714982 TG@CXL13131
File Version: 1.0.0.0
Comments: BY程夕伦
The Copyright and Description fields give the author's communication channels and identifiers, and the Comments field names the author as 程夕伦 (Cheng Xilun). The ransomware is named after the alleged author, and the same name is used as the file extension of encrypted files. Additionally, the file impersonates a VPN service. The essential detail here is the communication identifiers: they match exactly those in D0glun, which is also named after the suspected author of that ransomware.
Both Cheng Xilun and D0glun share similarities with the leaked Windows version of Babuk. Therefore, we place the lineage as Babuk -> Cheng Xilun -> D0glun. All three use the same mechanism to encrypt files with AES-256, which remains one of the fastest ways to encrypt files as of this writing. Much of the ransomware is in Chinese, and the ransom requested is 600 RMB, which is further evidence that the author is likely from China.
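The identifier comparison described above can be automated across a sample set. The following is an added example, not code from the original analysis: it parses "Field: value" version-info dumps, extracts QQ and TG handles, and reports handles that appear in more than one sample. The function names, the D0glun and "unrelated" dumps, and the PLACEHOLDER values are assumptions constructed for the example; only the Cheng Xilun fields come from the page.

```python
import re
from collections import defaultdict

# Handle formats as they appear in the fields quoted above (QQ number, TG@ handle).
HANDLE_PATTERNS = {
    "qq": re.compile(r"QQ\s*:?\s*(\d{5,12})", re.I),
    "telegram": re.compile(r"TG\s*@\s*([A-Za-z0-9_]{5,32})", re.I),
}

# Constructed input: the first dump is copied from the page; the other two are
# made up for this example (the page gives no field listing for D0glun).
SAMPLES = {
    "cheng_xilun": "Copyright: QQ424714982 TG@CXL13131\nProduct: 8180VPN\n"
                   "Description: QQ424714982 TG@CXL13131\n"
                   "File Version: 1.0.0.0\nComments: BY程夕伦",
    "d0glun": "Copyright: QQ424714982 TG@CXL13131\nProduct: PLACEHOLDER",
    "unrelated": "Copyright: QQ100000001 TG@example_user\nProduct: PLACEHOLDER",
}

def parse_version_info(dump):
    """Parse 'Field: value' lines of a version-info dump into a dict."""
    fields = {}
    for line in dump.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def extract_handles(fields):
    """Return the set of (kind, handle) pairs found in any field value."""
    found = set()
    for value in fields.values():
        for kind, pattern in HANDLE_PATTERNS.items():
            # Handles are upper-cased so case differences do not hide a match.
            found.update((kind, m.group(1).upper()) for m in pattern.finditer(value))
    return found

def shared_handles(samples):
    """Map each handle seen in two or more samples to the sorted sample names."""
    seen = defaultdict(set)
    for name, dump in samples.items():
        for handle in extract_handles(parse_version_info(dump)):
            seen[handle].add(name)
    return {h: sorted(names) for h, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for (kind, handle), names in sorted(shared_handles(SAMPLES).items()):
        print(f"{kind}:{handle} links {', '.join(names)}")
```

Version-info strings are set by whoever builds the file and can be copied from another sample, so a shared handle is a lead to corroborate with code similarity rather than proof of common authorship on its own.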