Kaspersky Statement on Yanluowang ransomware
Please attribute the statement to Yanis Zinchenko, security expert at Kaspersky
Recently Cisco confirmed that the Yanluowang ransomware group breached their corporate network and extorted them under the threat of leaking stolen files online. This is not the first case of Yanluowang’s impudent attacks we have observed throughout the year.
Yanluowang is a relatively new ransomware, which unknown attackers use to target large companies. It was first reported late last year. Although the malware has only been around for a short period, Yanluowang has managed to target companies from all around the world, with victims across the U.S., Brazil, Germany, UAE, China, Turkey and many other countries.
While the gang announced the Cisco breach on their data leak site, the company claims it found no evidence of ransomware payloads during the attack. This behavior is typical for many ransomware operators as they try to seize every opportunity to extort money and harm their victims’ reputations. We strongly advise not to encourage ransomware players by paying their ransom: it does not guarantee that they will return the data, nor will it stop the attack from happening again. At Kaspersky we are working hard to help companies avoid such outcomes. It is important that businesses follow basic security principles to stay protected and minimize the potential financial and reputational losses associated with a ransomware attack.
While analyzing the Yanluowang malware in April, we discovered that the malicious code was not perfect. The vulnerability discovered in the code allowed us to create a file decryptor with the help of a known-plaintext attack. Our Rannoh Decryptor can analyze encrypted files and helps victims of Yanluowang ransomware recover their information.