Cisco has confirmed that the Yanluowang ransomware group has entered its corporate network. However, no sensitive data is said to have been stolen or encrypted. Kaspersky provides a free decryption tool for victims of the Yanluowang group.
Yanluowang is a relatively new ransomware used by unknown attackers to target large companies. It was first reported late last year. Although the malware has only been on the market for a short time, Yanluowang has managed to target companies from all over the world including USA, Brazil, Germany, UAE, China, Turkey and many more countries. The Cisco servers were also penetrated.
Thankfully, Yanluowang malware was buggy
"When analyzing the Yanluowang malware in April, we found that the malicious code was not perfect. A vulnerability discovered in the code allowed us to develop a decryption tool using a known plaintext attack. Our Rannoh Decryptor can analyze encrypted files and help Yanluowang ransomware victims recover their information.” Yanis Zinchenko, security researcher at Kaspersky. Kaspersky has been tracking the ransomware group for over a year and even provided a decryption tool for Yanluowang in April.
Activities of the Yanluowang ransomware group
"The gang announced the Cisco attack on their data leak site, but Cisco says they found no evidence of the ransomware payload during the attack. This behavior is typical of many ransomware actors; they try to use every opportunity to extort money and tarnish their victims' reputations.
We strongly advise against encouraging ransomware actors into their business model by paying the ransom demanded. Payment does not guarantee that the data will be recovered or that the same company will not be attacked again. Kaspersky works hard to help companies avoid this. Businesses must follow basic security principles to protect themselves from ransomware attacks and to minimize the potential financial and reputational losses.”
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/