Researchers have discovered a new ransomware strain, dubbed Yanluowang, that is still under development. Its targets? Enterprise entities.
Yanluowang Ransomware: the Name Story
The strain was discovered by the threat hunting team at Broadcom’s Symantec and, at first glance, it stands out through its distinctive name, which is inspired by a Chinese deity, Yanluo Wang. In Chinese mythology he is the God of Death and the ruler of the Fifth Court of Diyu (Diyu being the Chinese hell). The choice of name appears to come from the file extension the ransomware appends to encrypted files on affected systems.
How Does Yanluowang Ransomware Work?
According to the researchers’ report, the strain was discovered during an ongoing investigation into suspicious activity detected at a high-profile company. That activity was linked to the AdFind command-line tool. AdFind is a free command-line query tool for gathering Active Directory data; threat actors commonly use it to collect the directory information they later need for lateral movement across the network.
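As an added example (not code from the article or from Symantec’s report), the following Python script scans constructed process-creation events for the kind of AdFind activity that triggered the investigation described above. The event layout follows Sysmon Event ID 1 field names, the sample events are made up, and the AdFind original file name and the argument patterns used as indicators are assumptions for illustration.

```python
import re

# Constructed sample process-creation events shaped like Sysmon Event ID 1 records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c dir", "User": "CORP\\alice"},
    {"Image": r"C:\Users\Public\adfind.exe", "OriginalFileName": "AdFind.exe",
     "CommandLine": 'adfind.exe -f "(objectcategory=person)" > users.txt', "User": "CORP\\svc-backup"},
    {"Image": r"C:\Temp\ad.exe", "OriginalFileName": "AdFind.exe",   # renamed copy of the tool
     "CommandLine": "ad.exe -sc trustdmp", "User": "CORP\\svc-backup"},
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs", "User": "NT AUTHORITY\\SYSTEM"},
]

# Indicators: the binary name, the original file name recorded in the PE header (survives renaming),
# and argument patterns typical of Active Directory enumeration (assumed for this example).
ADFIND_NAME = re.compile(r"adfind\.exe$", re.IGNORECASE)
AD_QUERY_ARGS = re.compile(r"objectcategory=|-sc\s+trustdmp|-subnets", re.IGNORECASE)


def classify_event(event):
    """Return the reasons an event looks like AdFind-based AD reconnaissance; empty list if none."""
    reasons = []
    image_name = event.get("Image", "").rsplit("\\", 1)[-1]
    if ADFIND_NAME.search(image_name):
        reasons.append("image name is adfind.exe")
    elif ADFIND_NAME.search(event.get("OriginalFileName", "")):
        # Renaming the executable does not change OriginalFileName, so this still catches it.
        reasons.append("renamed binary: OriginalFileName is AdFind.exe")
    if AD_QUERY_ARGS.search(event.get("CommandLine", "")):
        reasons.append("AD enumeration arguments on command line")
    return reasons


def find_ad_recon(events):
    """Return (index, user, reasons) for every event matching at least one indicator."""
    hits = []
    for i, ev in enumerate(events):
        reasons = classify_event(ev)
        if reasons:
            hits.append((i, ev.get("User", ""), reasons))
    return hits


if __name__ == "__main__":
    for idx, user, why in find_ad_recon(SAMPLE_EVENTS):
        print(f"event {idx} user={user}: {'; '.join(why)}")
```

In a real deployment the same logic would run over the SIEM’s process-creation feed, and a hit on a service account such as the one in the sample should be escalated rather than just logged.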
So hackers tried to deploy Yanluowang ransomware payloads