Yanluowang Ransomware Now Targeting US Companies | PCMag

A new ransomware family appears to be making the rounds. Symantec, a division of Broadcom Software, says it’s found evidence of the Yanluowang ransomware being used against US companies since at least August.

Symantec revealed the Yanluowang ransomware family in October after it was used against “a large organization.” Now it says Yanluowang’s operators “have been heavily focused on organizations in the financial sector but have also targeted companies in the manufacturing, IT services, consultancy, and engineering sectors.”

The company also says that Yanluowang attacks rely on tactics, techniques, and procedures similar to those seen in attacks conducted with the Thieflock ransomware-as-a-service. It suspects that attacks involving Yanluowang are being conducted by a former affiliate of Thieflock, based on these similarities between attacks involving both families:

Use of custom password recovery tools such as GrabFF and other open-source password dumping tools

Use of open-source network scanning tools (SoftPerfect Network Scanner)

Use of free browsers, such as s3browser and Cent browser

These similarities don’t necessarily prove that Yanluowang and Thieflock are being used by the same threat actor, however, and Symantec says the link between the two is “tentative.” Mandiant principal threat analyst Tyler McLellan, who co-authored a report on the group believed to be responsible for Thieflock in April, tweeted:

Symantec says that Yanluowang attacks typically involve an initial reconnaissance phase followed by credential harvesting, data exfiltration, and finally the encryption of the victim’s files. The report from October says the ransom note also includes a threat of distributed denial-of-service attacks and “calls to employees and business partners.”
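For defenders, the tool overlap listed above can be turned into a simple correlation check. The following is an added example, not code from Symantec or the article: it flags hosts where tools from two or more of the listed categories appear within one time window. The log format, hostnames, file paths, and the choice to match tool names as substrings of a command line are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Tool names come from the article's list. Matching them as substrings of a
# command line is an assumption; renamed binaries will not match.
TOOL_CATEGORIES = {
    "grabff": "password_recovery",
    "softperfect": "network_scanning",
    "s3browser": "free_browser",
    "centbrowser": "free_browser",
    "cent browser": "free_browser",
}

# Constructed sample process-creation events: "timestamp|host|command line".
SAMPLE_LOG = r"""
2021-11-02T09:14:05|FIN-WS-014|C:\Users\Public\SoftPerfect\scanner.exe
2021-11-02T09:41:50|FIN-WS-014|C:\Users\Public\GrabFF.exe
2021-11-02T10:03:12|FIN-WS-014|C:\Program Files\S3Browser\s3browser.exe
2021-11-02T11:20:00|ENG-WS-201|C:\Program Files\CentBrowser\Application\chrome.exe
2021-11-05T08:00:00|IT-SRV-003|C:\Tools\SoftPerfect\scanner.exe
2021-11-09T16:30:00|IT-SRV-003|C:\Temp\grabff.exe
"""

def parse_events(text):
    """Yield (time, host, category) for each line naming a listed tool."""
    for line in text.strip().splitlines():
        stamp, host, cmdline = line.split("|", 2)
        lowered = cmdline.lower()
        for needle, category in TOOL_CATEGORIES.items():
            if needle in lowered:
                yield datetime.fromisoformat(stamp), host, category
                break

def correlate(text, window_hours=24, min_categories=2):
    """Return {host: categories} where enough categories share one window."""
    window = timedelta(hours=window_hours)
    by_host = defaultdict(list)
    for when, host, category in parse_events(text):
        by_host[host].append((when, category))
    alerts = {}
    for host, events in by_host.items():
        best = set()
        for start, _ in events:
            seen = {c for t, c in events if start <= t <= start + window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_categories:
            alerts[host] = sorted(best)
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG))
```

A single tool on its own is weak evidence, since each has legitimate uses; the combination on one host in a short window is what the check looks for.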
