Yanluowang Ransomware: New Gang Targets Businesses

Cybersecurity experts have identified a new ransomware gang that appears to go by the name Yanluowang. Their product, the so-called Yanluowang Ransomware, is deployed through a multi-stage attack process. The criminals use the public AdFind utility to gather information about the Active Directory settings and configuration on the victim's network. They also use custom malware to gather data about running processes and accessible systems in preparation for the final stage of the attack: deploying the Yanluowang Ransomware.

What Do Yanluowang Ransomware's Preparations Lead To?

Typically, ransomware attacks aim to lock important data, including databases and backups. However, if a file is in use by another program, the file-locker might be unable to access its contents. This is why the Yanluowang Ransomware reads the processes.txt file, which contains information about running processes, and then terminates the processes listed there. This ensures that it can lock databases and backups without interference.

Once the infection succeeds, the ransomware encrypts files and appends the '.yanluowang' extension to their names. It then creates the 'README.txt' ransom note. The criminals advise the victim not to contact law enforcement and not to try to remove the threat. They claim to have stolen a lot of data from the infected systems, and threaten to publish it online unless their demands are met.

The criminals provide custom emails for each victim, and they are likely to demand a ransom payment through cryptocurrency. So far, there is no information about victims who agreed to pay the Yanluowang Ransomware creators. There is no guarantee that paying them will get your files back, or prevent them from leaking files online. Recovering from ransomware attacks is never easy, and prevention is always the best course of action. Using proper security measures and antivirus software can protect your system and network from the Yanluowang Ransomware infiltration.
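The stages described above leave observable traces (AdFind execution, a processes.txt file, '.yanluowang' file names and a README.txt note), and the following added example, which is not part of the original article, correlates them per host. The event tuple layout, host names and file paths are constructed assumptions, not the output format of any specific logging product.

```python
import ntpath
from collections import defaultdict

# Constructed sample telemetry (host, event type, path); the field layout is
# an assumption, not the format of any particular EDR or Sysmon export.
SAMPLE_EVENTS = [
    ("FS01", "process_start", r"C:\Users\svc\AppData\Local\Temp\AdFind.exe"),
    ("FS01", "file_create",   r"C:\Users\svc\AppData\Local\Temp\processes.txt"),
    ("FS01", "file_create",   r"D:\Shares\Finance\README.txt"),
    ("FS01", "file_create",   r"D:\Shares\Finance\q3.xlsx.yanluowang"),
    ("FS01", "file_create",   r"D:\Shares\Finance\ledger.mdf.yanluowang"),
    ("WS07", "process_start", r"C:\Tools\AdFind.exe"),         # recon tool only
    ("WS12", "file_create",   r"C:\Projects\app\README.txt"),  # benign README
]

def triage(events):
    """Return {host: sorted stages seen}, using the indicators named in the article."""
    seen = defaultdict(set)
    locked_dirs = defaultdict(set)   # host -> folders holding .yanluowang files
    readme_dirs = defaultdict(set)   # host -> folders holding a README.txt
    for host, kind, path in events:
        folder, name = ntpath.split(path.lower())  # Windows paths, case-insensitive
        if kind == "process_start" and name == "adfind.exe":
            seen[host].add("recon:adfind")
        elif kind == "file_create" and name == "processes.txt":
            seen[host].add("staging:processes.txt")
        elif kind == "file_create" and name.endswith(".yanluowang"):
            locked_dirs[host].add(folder)
            seen[host].add("impact:encrypted-files")
        elif kind == "file_create" and name == "readme.txt":
            readme_dirs[host].add(folder)
    # README.txt is a common file name: count it as a ransom note only when it
    # sits in a folder that also holds encrypted files, whatever the event order.
    for host, dirs in readme_dirs.items():
        if dirs & locked_dirs[host]:
            seen[host].add("impact:ransom-note")
    return {host: sorted(stages) for host, stages in seen.items()}

def priority(stages):
    """Impact stages mean encryption has started; earlier stages are leads to verify."""
    return "critical" if any(s.startswith("impact:") for s in stages) else "investigate"

if __name__ == "__main__":
    for host, stages in triage(SAMPLE_EVENTS).items():
        print(host, priority(stages), stages)
```

Hosts that show only the reconnaissance or staging indicators are the ones worth checking first, since those stages precede encryption.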

October 21, 2021