
Cybercrime, Yanluowang is a new ransomware used in targeted attacks

Symantec: Yanluowang is a new ransomware used in targeted attacks against large organizations. The malware deployment is preceded by reconnaissance with the AdFind tool.

Yanluowang is a new ransomware used in targeted attacks against large organizations. It was discovered by Symantec cybersecurity experts. First, the cybercrime actors use the AdFind tool for reconnaissance. Then they try to deploy the malware. Once on the victim's machine, it:

  • Stops all hypervisor virtual machines running on the compromised computer;
  • Ends processes listed in processes.txt, which includes SQL and back-up solution Veeam;
  • Encrypts files on the compromised computer and appends each file with the .yanluowang extension;
  • Drops a ransom note named README.txt on the compromised computer.
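
The behaviours listed above can be turned into a simple host triage rule. The following is an added example, not code from Symantec or from the article: the event schema (`host`, `type`, `target`), the sample events and the process names in them are constructed, and the severity levels are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample telemetry; the schema (host/type/target) is an assumption.
SAMPLE_EVENTS = [
    {"host": "srv01", "type": "process_start", "target": r"C:\Temp\AdFind.exe"},
    {"host": "srv01", "type": "process_stop", "target": r"C:\Program Files\Veeam\VeeamAgent.exe"},
    {"host": "srv01", "type": "process_stop", "target": r"C:\MSSQL\sqlservr.exe"},
    {"host": "srv01", "type": "file_write", "target": r"D:\Share\report.docx.yanluowang"},
    {"host": "srv01", "type": "file_write", "target": r"D:\Share\README.txt"},
    {"host": "ws07", "type": "file_write", "target": r"C:\Users\a\project\README.txt"},
    {"host": "ws09", "type": "process_start", "target": r"C:\Tools\adfind.exe"},
]

def classify(event):
    """Map one event to a behaviour named in the article, or None."""
    name = PureWindowsPath(event["target"]).name.lower()
    kind = event["type"]
    if kind == "process_start" and name == "adfind.exe":
        return "recon_adfind"
    if kind == "process_stop" and ("sql" in name or "veeam" in name):
        return "service_kill"
    if kind == "file_write" and name.endswith(".yanluowang"):
        return "encrypted_file"
    if kind == "file_write" and name == "readme.txt":
        return "ransom_note"
    return None

def triage(events):
    """Group indicators per host and assign a severity."""
    seen = defaultdict(set)
    for ev in events:
        tag = classify(ev)
        if tag:
            seen[ev["host"]].add(tag)
    report = {}
    for host, tags in seen.items():
        if "encrypted_file" in tags:
            level = "critical"  # the extension is specific to this family
        elif len(tags) >= 2:
            level = "high"      # several weak signals on one host
        else:
            level = "review"    # AdFind or README.txt alone is often benign
        report[host] = (level, sorted(tags))
    return report

if __name__ == "__main__":
    for host, (level, tags) in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, level, ", ".join(tags))
```

The rule treats AdFind and README.txt as weak signals on their own, because both appear routinely in legitimate administration and software projects; only their combination, or the `.yanluowang` extension, raises the severity.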