New Ransomware Family Spotted Targeting US Companies | Researchers Warn of Yanluowang Operations


A brand new ransomware family has surfaced out of the blue, and security researchers are alarmed that its main targets are companies in the United States. The researchers are now raising awareness of the Yanluowang ransomware.

Yanluowang Ransomware Making Rounds

According to a story by PCMag, a brand new ransomware family has been spotted making the rounds. Symantec, a division of Broadcom Software, says it has found evidence that the Yanluowang ransomware has been used directly against companies in the United States since "at least" August.

Symantec first disclosed the Yanluowang ransomware family in October, after it was found being used against what the company described as "a large organization." The researchers add that Yanluowang's operations have focused heavily on organizations within the financial sector.

Ransomware Family Not Limited to Organizations

The researchers cautioned, however, that the ransomware family is not limited to organizations within the financial sector; it has also targeted companies in the IT services, manufacturing, consultancy, and engineering sectors.

The company warns that the Yanluowang attacks rely on tactics, techniques, and procedures very similar to those used by the earlier Thieflock ransomware-as-a-service.

Because of the similarities between attacks involving the two families, the researchers now suspect that the Yanluowang attacks may be conducted by a former Thieflock affiliate.

Here Are the Similarities Found Between Thieflock and Yanluowang:

  • The cybercriminals use custom password recovery tools such as GrabFF, or other open-source password dumping tools.

  • The cybercriminals use open-source scanning tools such as SoftPerfect Network Scanner.

  • The cybercriminals use free browsers such as Cent and s3browser.

Thieflock and Yanluowang Similarities

These similarities, however, do not prove that Yanluowang and Thieflock are used by the same threat actor. Symantec says the link between the two sets of attacks currently remains "tentative."

As previously reported in another TechTimes article, the Joker malware has been making the rounds as one of the more underestimated malware families hiding in certain Play Store apps. The risk from attackers is therefore not limited to the corporate sector but extends directly to consumers as well.


Tyler McLellan Comments on the Matter

Tyler McLellan, principal threat analyst at Mandiant and co-author of an April report on the group also believed to be responsible for Thieflock, gave his two cents on the matter in a tweet.

Tyler retweeted Symantec's finding that the Yanluowang attacks involve a recognizable "initial reconnaissance phase" followed by data exfiltration, harvesting, and encryption of the victim's files.
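The tool list in the similarities section and the phase sequence described just above can be turned into a simple hunt over process-creation telemetry. The following is an added example, not code from the article or from Symantec: it matches process image paths against the named tools, groups hits per host, and flags hosts that show more than one phase. The log line format, the timestamps and the binary-name fragments (netscan, grabff, s3browser, centbrowser) are assumptions, since the article names the tools but not their binaries.

```python
import re
from collections import defaultdict

# Phase -> substrings expected in the process image path. Tool names come from the
# article's list; the file-name fragments are assumptions (article names no binaries).
PHASE_INDICATORS = {
    "reconnaissance": ("softperfect", "netscan"),   # SoftPerfect Network Scanner
    "credential_harvest": ("grabff",),              # GrabFF password recovery tool
    "exfiltration": ("s3browser", "centbrowser"),   # s3browser / Cent browser
}
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+image=(?P<image>.+)$"
)

def classify(image_path):
    """Map a process image path to a phase, or None if no indicator matches."""
    lowered = image_path.lower()
    for phase, needles in PHASE_INDICATORS.items():
        if any(n in lowered for n in needles):
            return phase
    return None

def hunt(log_lines, min_phases=2):
    """Flag hosts showing at least `min_phases` distinct phases, in order first seen."""
    hits = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the hunt
        phase = classify(m["image"])
        if phase:
            hits[m["host"]].append((m["ts"], phase))
    findings = {}
    for host, events in hits.items():
        phases = []
        for _, phase in sorted(events):  # ISO-8601 timestamps sort as strings
            if phase not in phases:
                phases.append(phase)
        if len(phases) >= min_phases:
            findings[host] = phases
    return findings

# Constructed sample lines: one host shows the whole chain, one only a browser launch.
SAMPLE_LOGS = [
    "2021-11-30T10:01:22Z host=FIN-WS01 user=jdoe image=C:\\Temp\\netscan.exe",
    "2021-11-30T10:14:05Z host=FIN-WS01 user=jdoe image=C:\\Temp\\GrabFF.exe",
    "2021-11-30T10:40:51Z host=FIN-WS01 user=jdoe image=D:\\Tools\\s3browser.exe",
    "2021-11-30T11:02:00Z host=ENG-WS07 user=asmith image=C:\\Program Files\\CentBrowser\\chrome.exe",
    "not a telemetry line",
]
```

A lone browser launch on ENG-WS07 is not flagged at the default threshold, which keeps ordinary use of these free tools from producing noise; only the chained phases on FIN-WS01 are reported.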


This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.