Ransomware, Threat Management

Targeted enterprise attacks leverage novel Yanluowang ransomware

BleepingComputer reports that enterprises are being subjected to highly targeted attacks using the new Yanluowang ransomware. Symantec Threat Hunter Team researchers discovered Yanluowang during an investigation of a cybersecurity incident in a high-profile organization following suspicious use of the AdFind command line Active Directory query tool was reported. Threat actors have been found to deliver Yanluowang throughout the organization's systems after launching a malicious tool with key capabilities. Deployment of Yanluowang will then enable disruption of hypervisor virtual machines, stoppage of all precursor tool-harvested processes, file encryption and the addition of the .yanlouwang extension. Meanwhile, victims have been urged in a ransom note not to inform authorities or ransomware negotiation companies regarding the attack. "If the attackers' rules are broken the ransomware operators say they will conduct distributed denial of service (DDoS) attacks against the victim, as well as make 'calls to employees and business partners'. The criminals also threaten to repeat the attack "in a few weeks" and delete the victim’s data," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.