On February 6th, Tencent Yujian Threat Intelligence Center issued a document stating that during the Spring Festival, a drug operating company was attacked by a ransomware virus, and multiple servers of the enterprise were encrypted, affecting business development. In order to guarantee the business, the drug trading company was forced to pay remuneration. As a result, only part of the documents were restored. Tencent Security Enterprise Emergency Service Center investigated the incident and found that the ransomware in the enterprise was a new variant Heronpiston Ransomware of the GarrantyDecrypt family. The GarrantyDecrypt ransomware family was discovered as early as the second half of 2018. The group will have new variant updates released every few months, and there have been bigbosshors, nostro, metan, teter and other variants. Because it is encrypted with RSA + salsa20 algorithm, once encrypted by the family ransomware virus, it cannot be decrypted by a third party. In the current form, pharmaceutical-related companies have become a valuable social asset. Tencent security experts advise relevant units to strengthen network security measures, avoid the use of weak passwords, and prevent ransomware attacks.