New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes

Trend Micro



We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes related to database and backup management.

By: Don Ovid Ladores, December 10, 2021

We analyzed new samples of the Yanluowang ransomware, a recently discovered ransomware family. One interesting aspect of these samples is that the files are code-signed with a valid digital signature, meaning the signing certificate was either stolen from a legitimate publisher or fraudulently obtained. The samples also terminate various processes, including Veeam and SQL processes, which are related to backup and database management; killing them releases file locks and hampers recovery before encryption begins.
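A signature that validates is not the same as a signature you should trust: the Yanluowang samples described above carry a chain that builds to a trusted root, yet the certificate did not belong to whoever signed the malware. The following PowerShell is an added example, not code from the Trend Micro article, showing how a responder can triage a folder of suspect binaries with Get-AuthenticodeSignature and surface files whose signature is "Valid" but whose signer is not on a publisher allowlist. The folder path `C:\Quarantine`, the `$trusted` allowlist and the function name `Get-SignerReport` are assumptions for illustration; no Yanluowang signer details are implied.

```powershell
# Added example (not from the article): inspect the Authenticode signature on
# suspect PE files and flag signatures that validate but come from a publisher
# you do not recognise. Assumes a Windows host with PowerShell 5.1 or later.

# Hypothetical allowlist of certificate thumbprints for publishers you expect
# to see in your estate (fill from your own software inventory). Empty here,
# so every valid signature is reported as an unknown publisher.
$trusted = @()

function Get-SignerReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$TrustedThumbprints = @()
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    $report = [ordered]@{
        File        = $Path
        Status      = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Message     = $sig.StatusMessage
        Signer      = $null
        Issuer      = $null
        Thumbprint  = $null
        NotBefore   = $null
        NotAfter    = $null
        TimeStamped = $false
        Verdict     = 'unsigned'
    }

    # Signer details are present for any signed file, even if the chain fails.
    if ($sig.SignerCertificate) {
        $c = $sig.SignerCertificate
        $report.Signer      = $c.Subject
        $report.Issuer      = $c.Issuer
        $report.Thumbprint  = $c.Thumbprint
        $report.NotBefore   = $c.NotBefore
        $report.NotAfter    = $c.NotAfter
        $report.TimeStamped = [bool]$sig.TimeStamperCertificate
    }

    switch ($sig.Status) {
        'Valid' {
            # "Valid" only means the chain builds to a trusted root. It says
            # nothing about whether the signer was entitled to that key, which
            # is exactly the stolen-certificate case. Compare against what you
            # actually expect to see, and treat anything else as a lead.
            if ($TrustedThumbprints -contains $report.Thumbprint) {
                $report.Verdict = 'valid, known publisher'
            } else {
                $report.Verdict = 'valid, UNKNOWN publisher - treat as suspicious'
            }
        }
        'NotSigned'    { $report.Verdict = 'unsigned' }
        'HashMismatch' { $report.Verdict = 'signature present but file modified after signing' }
        default        { $report.Verdict = "signature problem: $($sig.Status)" }
    }

    [pscustomobject]$report
}

# Usage: sweep the quarantine folder and print only the cases that matter most
# for this family - files that pass signature validation under an unfamiliar
# publisher. Record the thumbprint: it is a pivot for hunting other samples
# signed with the same stolen or fraudulently issued certificate.
Get-ChildItem -Path 'C:\Quarantine' -Include *.exe, *.dll -File -Recurse |
    ForEach-Object { Get-SignerReport -Path $_.FullName -TrustedThumbprints $trusted } |
    Where-Object { $_.Verdict -like 'valid, UNKNOWN*' } |
    Format-Table File, Signer, Issuer, Thumbprint, NotBefore, TimeStamped -AutoSize
```

Two practical notes. First, the allowlist is the part that does the work; without it the script only tells you what the operating system already decided, and the operating system said "Valid". Second, once a stolen certificate is reported and revoked, the same file may start failing validation, so a triage result is a snapshot in time and the signer thumbprint, not the status, is what you should keep in your case notes.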

Since it was uncovered a few weeks ago, the Yanluowang ransomware (named after the Chinese deity Yanluo Wang) has been linked to active campaigns, and its operators are reported to have been launching targeted attacks on US corporations since at least August 2021.

Yanluowang ransomware initial analysis

The Yanluowang ransomware samples we analyzed still have only a few detections as of this writing. Just looking at the files themselves shows very little

Read More: https://www.trendmicro.com/en_us/research/21/l/yanluowang-ransomware-code-signed-terminates-database-processes.html