© 2021 CyberNews - Latest tech news,
product reviews, and analyses.


New ransomware family, Yanluowang, found by researchers


Malicious actors are using a new, albeit underdeveloped, strain of ransomware to target enterprises, Broadcom's Symantec Threat Hunter Team announced.

The researchers claim they've got access to a trove of malicious files after an extortion attack against an unnamed large organization. The investigation led the team to believe that the files belonged to an entirely new ransomware family.

The ransomware's name, Yanluowang, refers to Yanluo Wang, a deity in Chinese folk religion and Taoism. The ominous deity is a judge of the underworld, passing judgment on the dead on their way to reincarnation or hell.

According to Symantec's blog entry, researchers first spotted suspicious use of AdFind, a legitimate command-line Active Directory query tool, on the victim's internal network.

Ransomware attack. Image by Shutterstock.

The tool is a favorite of ransomware groups: attackers use it for reconnaissance, and the Active Directory information it returns gives them what they need for lateral movement.

A few days after the discovery was made, the attackers attempted to deploy the ransomware. According to the researchers, before Yanluowang is deployed, a precursor tool creates a .txt file with the number of remote machines to check passed on the command line.

The tool also uses Windows Management Instrumentation (WMI) to get a list of the processes running on the remote machines listed in the .txt file, and logs all the processes and remote machine names to processes.txt.

Once these steps are completed, the attackers deploy the ransomware, which in turn stops all hypervisor virtual machines running on the compromised computer and ends the processes listed in processes.txt, which include SQL and the backup solution Veeam.

After that, the ransomware encrypts files on the compromised computer and appends each file with the .yanluowang extension, finally dropping a ransom note named README.txt on the compromised computer.
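The sequence above (AdFind reconnaissance, a processes.txt inventory, backup and database processes being ended, files renamed to .yanluowang, and a README.txt note) is what a defender would want to alert on. The following is an added detection sketch written for this article; it is not code from CyberNews or Symantec. It runs over a constructed, simplified event stream (`timestamp|host|event_type|detail`, not a real EDR schema), and the process image names it uses for "SQL" and "Veeam" (`sqlservr.exe`, `Veeam.Backup.Service.exe`) and the rename-burst threshold are assumptions rather than values from the article.

```python
"""Added detection example for the Yanluowang behaviours described above.

Event format is constructed for this example (not a real EDR schema):
    timestamp|host|event_type|detail
where detail is an image path plus arguments (process events), a file path
(file_create), or "old -> new" (file_rename). Paths contain no spaces.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import List

# Indicators named in the article.
RECON_TOOLS = {"adfind.exe"}        # legitimate AD query tool abused for recon
PRECURSOR_FILE = "processes.txt"    # process inventory written by the precursor tool
RANSOM_NOTE = "readme.txt"
ENCRYPTED_EXT = ".yanluowang"
# Assumed image names for the "SQL" and "Veeam" processes the article says are ended.
TARGETED_PROCESSES = {"sqlservr.exe", "veeam.backup.service.exe"}
RENAME_BURST = 5                    # assumed threshold; tune per environment


@dataclass
class Alert:
    host: str
    rule: str
    evidence: str


@dataclass
class HostState:
    renames: int = 0
    note_seen: bool = False
    killed: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Final path component, lower-cased, accepting either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str):
    ts, host, etype, detail = line.strip().split("|", 3)
    return datetime.fromisoformat(ts), host, etype, detail


def analyze(lines) -> List[Alert]:
    """Emit per-host alerts; README.txt alone is noise, README.txt plus
    .yanluowang renames (or a burst of renames) is the encryption phase."""
    alerts: List[Alert] = []
    state = defaultdict(HostState)
    for line in lines:
        if not line.strip():
            continue
        _ts, host, etype, detail = parse_event(line)
        # Subject of the event: the new name for renames, otherwise the first token.
        subject = detail.split(" -> ")[-1].split(" ", 1)[0]
        name = basename(subject)
        if etype == "process_create" and name in RECON_TOOLS:
            alerts.append(Alert(host, "adfind_recon", detail))      # earliest signal
        elif etype == "file_create" and name == PRECURSOR_FILE:
            alerts.append(Alert(host, "precursor_process_inventory", detail))
        elif etype == "file_create" and name == RANSOM_NOTE:
            state[host].note_seen = True
        elif etype == "file_rename" and name.endswith(ENCRYPTED_EXT):
            state[host].renames += 1
        elif etype == "process_terminate" and name in TARGETED_PROCESSES:
            state[host].killed.append(name)
    for host, s in state.items():
        if s.renames >= RENAME_BURST or (s.renames and s.note_seen):
            alerts.append(Alert(host, "yanluowang_encryption",
                                f"{s.renames} renames, note={s.note_seen}"))
        if s.killed:
            alerts.append(Alert(host, "backup_or_db_process_killed", ",".join(s.killed)))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = r"""
2021-10-14T09:02:11|ws-04|process_create|C:\Tools\AdFind.exe -f objectcategory=computer
2021-10-17T22:10:05|ws-04|file_create|C:\Temp\processes.txt
2021-10-17T22:11:40|srv-db1|process_terminate|C:\SQL\sqlservr.exe
2021-10-17T22:11:41|srv-db1|process_terminate|C:\Veeam\Veeam.Backup.Service.exe
2021-10-17T22:12:03|srv-db1|file_rename|D:\Data\q3.xlsx -> D:\Data\q3.xlsx.yanluowang
2021-10-17T22:12:03|srv-db1|file_rename|D:\Data\q4.xlsx -> D:\Data\q4.xlsx.yanluowang
2021-10-17T22:12:04|srv-db1|file_create|D:\Data\README.txt
2021-10-17T22:12:30|ws-11|file_create|C:\Projects\README.txt
"""

if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS.splitlines()):
        print(f"{a.host}: {a.rule} ({a.evidence})")
```

On the sample stream the script raises four alerts: AdFind and the processes.txt inventory on ws-04, and the encryption phase plus killed backup/database processes on srv-db1. The lone README.txt on ws-11 produces nothing, which is the point of correlating the note with .yanluowang renames instead of alerting on the file name by itself.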

Much like many other ransomware notes, the Yanluowang note warns victims not to contact law enforcement or ransomware negotiation firms.

The threat actors warn that if these rules are broken, they will launch a DDoS attack against the victim while simultaneously calling the victim's employees and business partners.

Year in turmoil

Cyberattacks are increasing in scale, sophistication, and scope. In 2020, ransomware payments reached over $400 million, more than four times the level of 2019. This year will likely set another record benchmark for ransomware cartels globally.

The last 12 months were rife with major high-profile cyberattacks: on network management company SolarWinds, the Colonial Pipeline oil network, meat processing company JBS, and software firm Kaseya. Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.

Recently, a Russia-linked cyber cartel attacked a major US farm service provider, New Cooperative Inc., demanding $5.9 million in ransom. Meanwhile, a ransomware operation recently dubbed Ranion offered an entirely different payment structure: the group only asks for an upfront payment for its malware, without additional service fees.

A recent IBM report shows that the average data breach costs victims $4.24 million per incident, the highest figure in the 17 years the report has been published. By comparison, the average cost stood at $3.86 million per incident last year, putting the latest result at a 10% increase.

