BleepingComputer reports that enterprises are being subjected to highly targeted attacks using the new Yanluowang ransomware.
Symantec Threat Hunter Team researchers discovered Yanluowang while investigating a cybersecurity incident at a high-profile organization, after suspicious use of the AdFind command-line Active Directory query tool was reported.
Threat actors were found to deploy Yanluowang across the organization's systems after launching a malicious precursor tool with key capabilities. Once deployed, Yanluowang disrupts hypervisor virtual machines, stops all processes harvested by the precursor tool, encrypts files and appends the .yanluowang extension to them.
Meanwhile, victims have been urged in a ransom note not to inform authorities or ransomware negotiation companies regarding the attack.
"If the attackers' rules are broken, the ransomware operators say they will conduct distributed denial of service (DDoS) attacks against the victim, as well as make 'calls to employees and business partners'. The criminals also threaten to repeat the attack 'in a few weeks' and delete the victim's data," said researchers.
Targeted enterprise attacks leverage novel Yanluowang ransomware