The ransomware dubbed Yanluowang targets companies around the world, encrypting files on their computers and blocking access to their systems, so that victims cannot access their data. Previously, victims’ only solution was to pay a ransom to the cybercriminals. However, after analyzing the ransomware, Kaspersky researchers have developed a free tool that allows victims to recover their affected files without using the attackers' key. The tool is already available on the No Ransom website.
Yanluowang was first discovered in October 2021. Its name is a reference to the Chinese deity, Yanluo Wang, one of the ten kings of hell. According to Kaspersky telemetry, Yanluowang has been attacking large businesses in the United States, Turkey, Brazil and other countries.
An attack using Yanluowang begins with an operator manually launching encryption. While encrypting the victims’ files, this ransomware changes file extensions to “.Yanlouwang”. After the attack, a ransom note is left on the computer in an open-access file. The cybercriminals threaten that if the victim goes to the police, all files on the infected computer will be deleted. Even after deletion of all files, the victim will still not be left alone: Yanluowang's authors threaten to then attack the entire company with DDoS attacks and ransomware infections on the company’s employee computers.

An example of a Yanluowang attack ransom note
Kaspersky experts analyzed the ransomware and found a vulnerability that allows victims to decrypt files on an infected computer. The user needs to have one or more original files and download a specially designed decryption tool. The victim is then able to decrypt the affected files independently.
“While Yanluowang is not a widespread ransomware threat, it still hurts users and, in the fight against ransomware, every defeated malicious program counts. Ransomware is an international threat, and that is why it is important for the cyber community to cooperate in the fight against ransomware. We hope our contribution helps organizations attacked by Yanluowang,” comments Yanis Zinchenko, security researcher at Kaspersky.
Read the full report about Yanluowang on Securelist.
To protect yourself from ransomware attacks, Kaspersky recommends you:
The Yanluowang decryptor has been added to the “No Ransom Kaspersky Rannoh Decryptor” tool. It can be downloaded from the No Ransom website – a project launched by Kaspersky to share solutions and stop the scourge of ransomware.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.