Trend Micro -
We analyzed new samples of the Yanluowang ransomware, a recently discovered ransomware family. One interesting aspect of these samples is that the files are code-signed with a valid digital signature, which was either stolen or fraudulently obtained. They also terminate various processes, including Veeam and SQL processes, which are related to database and backup management.
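As an added example (not part of Trend Micro's analysis or of the samples discussed), the following Python flags a single process that terminates several database or backup services in quick succession, the behaviour described above. The telemetry format, the field names and the watch-listed images beyond Veeam and SQL are assumptions.

```python
# Added example (not from the Trend Micro analysis): flag a process that
# terminates several database/backup services within a short window.
# Input lines use a constructed 'timestamp|pid|killer_image|victim_image'
# format standing in for EDR/Windows process-termination telemetry.
from collections import defaultdict
from datetime import datetime, timedelta

# Veeam and SQL images mirror the behaviour described above; the others
# are assumed additions a defender would typically watch as well.
WATCHLIST = {
    "veeam.backup.service.exe", "veeamagent.exe", "sqlservr.exe",
    "sqlwriter.exe", "sqlagent.exe", "vssvc.exe",
}

def parse_event(line):
    """Parse one constructed telemetry line into (ts, pid, killer, victim)."""
    ts, pid, killer, victim = line.strip().split("|")
    return datetime.fromisoformat(ts), int(pid), killer.lower(), victim.lower()

def find_backup_killers(lines, threshold=3, window=timedelta(minutes=2)):
    """Return {(pid, killer): [victims]} for >= threshold kills in any window."""
    kills = defaultdict(list)
    for line in lines:
        ts, pid, killer, victim = parse_event(line)
        if victim in WATCHLIST:
            kills[(pid, killer)].append((ts, victim))
    hits = {}
    for key, events in kills.items():
        events.sort()
        start = 0  # sliding window over the sorted termination times
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[key] = [v for _, v in events[start:end + 1]]
                break
    return hits

SAMPLE_LOG = [  # constructed telemetry, not real data
    "2021-11-30T10:00:01|4120|svchost.exe|notepad.exe",
    "2021-11-30T10:00:05|7788|update.exe|veeam.backup.service.exe",
    "2021-11-30T10:00:06|7788|update.exe|sqlservr.exe",
    "2021-11-30T10:00:07|7788|update.exe|sqlwriter.exe",
    "2021-11-30T10:30:00|2200|services.exe|sqlagent.exe",
]

if __name__ == "__main__":
    for (pid, image), victims in find_backup_killers(SAMPLE_LOG).items():
        print(f"ALERT pid={pid} image={image} terminated {victims}")
```

A single isolated service restart (the services.exe line) stays below the threshold, so only the burst of three terminations from one process is reported.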
After being uncovered a few weeks ago, the Yanluowang ransomware (named after the Chinese deity Yanluo Wang) has since been associated with campaigns, and its operators are said to have been launching targeted attacks on US corporations since at least August of this year.
Yanluowang ransomware initial analysis
The Yanluowang ransomware samples we analyzed still have only a few detections as of this writing. Just looking at the files themselves shows very little