Symantec Threat Hunter Team Discovers New Ransomware


The Symantec Threat Hunter Team at Broadcom Software recently discovered a new ransomware family called Yanluowang.

Although its lack of sophisticated features suggests it has been poorly coded, researchers believe it is relatively new and still under development, and that it is nonetheless dangerous.

In its report on the ransomware, Symantec said of the AdFind tool, “This tool is often abused by ransomware attackers as a reconnaissance tool, as well as to equip the attackers with the resources that they need for lateral movement via Active Directory. Just days after the suspicious AdFind activity was observed on the victim organization, the attackers attempted to deploy the Yanluowang ransomware.”

Before the ransomware itself is used, Yanluowang leaves a few signs on a compromised computer. These include the creation of a .txt file with the number of remote computers in the network. Windows Management Instrumentation (WMI) is then run against those computers to obtain a list of the processes running on them, and the results are logged back to the .txt file for later retrieval.

Once installed, the ransomware stops all hypervisor virtual machines (VMs) running on the compromised computer, terminates the processes listed in the .txt file, encrypts files, and deposits a readme containing a ransom note on the infected computer.
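
The precursor activity described above (AdFind use, then WMI process listing against remote machines "just days" later) can be hunted for before encryption starts. The following is an added example, not code from Symantec or the original story: it correlates constructed process-creation events per host, and it assumes the WMI step appears as a `wmic.exe` command line, that both steps occur on the same host, and a 7-day window; host names and `hosts.txt` are made up.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events: (host, ISO time, image path, command line).
EVENTS = [
    ("WS-014", "2024-01-01T09:12:00", r"C:\Users\Public\adfind.exe",
     "adfind.exe -f objectcategory=computer"),
    ("WS-020", "2024-01-02T11:00:00", r"C:\Windows\System32\wbem\WMIC.exe",
     "wmic os get caption"),
    ("SRV-03", "2024-01-03T08:00:00", r"C:\Tools\AdFind.exe",
     "AdFind.exe -f objectcategory=computer"),
    ("WS-014", "2024-01-04T22:40:00", r"C:\Windows\System32\wbem\WMIC.exe",
     "wmic /node:@hosts.txt process get name"),
]

WINDOW = timedelta(days=7)  # assumption standing in for "just days"; tune locally


def classify(image, cmdline):
    """Label an event as AdFind use, remote WMI process listing, or None."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name == "adfind.exe":  # name match only; a renamed binary needs hash or PE metadata
        return "adfind"
    if (name == "wmic.exe" and re.search(r"/node:", cmdline, re.I)
            and re.search(r"\bprocess\b", cmdline, re.I)):
        return "wmi_remote_proc"
    return None


def correlate(events, window=WINDOW):
    """Return {host: severity}: 'medium' for AdFind alone, 'high' when remote
    WMI process listing follows AdFind on the same host within the window."""
    last_adfind, findings = {}, {}
    for host, ts, image, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        kind = classify(image, cmd)
        if kind == "adfind":
            last_adfind[host] = when
            findings.setdefault(host, "medium")
        elif kind == "wmi_remote_proc":
            seen = last_adfind.get(host)
            if seen is not None and when - seen <= window:
                findings[host] = "high"
    return findings


if __name__ == "__main__":
    for host, severity in correlate(EVENTS).items():
        print(host, severity)
```

In practice the events would come from endpoint telemetry such as process-creation logs, and a "high" result is a prompt to isolate the host and check for the .txt file the article describes.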

For more information, read the original story in Tech Republic.
