0

If have been following the news about recent Yanluowang ransomware activity, Kaspersky further wants to touch base to share comment from Yanis Zinchenko, security expert at Kaspersky, for your interest.

RELATED: NCC-CSIRT counsels organisations to adopt stronger measures against Yanluowang ransomware

Comment from Yanis Zinchenko, security expert at Kaspersky

Recently Cisco confirmed that the Yanluowang ransomware group breached their corporate network and extorted them under the threat of leaking stolen files online. This is not the first case of Yanluowang’s impudent attacks we have observed throughout the year.

Yanluowang is a relatively new ransomware, which unknown attackers use to target large companies. It was first reported late last year. Although the malware has only been around for a short period, Yanluowang has managed to target companies from all around the world, with victims across the U.S., Brazil, Germany, UAE, China, Turkey and many other countries.

ADVERTISEMENT

While the gang announced the Cisco breach on their data leak site, the company claims it found no evidence of ransomware payloads during the attack. This behaviour is typical for many ransomware operators as they try to seize every opportunity to extort money and harm their victims’ reputations.

We strongly advise not to encourage ransomware players by paying their ransom – it does not guarantee that they will return the data nor will it stop the attack from happening again. At Kaspersky we are working hard to help companies avoid such outcomes. It is important that businesses follow basic security principles to stay protected and minimise the potential financial and reputational losses associated with a ransomware attack.

While analysing the Yanluowang malware in April, we discovered that the malicious code was not perfect. The vulnerability discovered in the code allowed us to create a file decryptor with the help of a known-plaintext attack. Our Rannoh Decryptor can analyse encrypted files and helps victims of Yanluowang ransomware recover their information.

ADVERTISEMENT

COVER IMAGE: teiss

More in News

You may also like