New Ransomware Encrypts Data and Makes Nasty Threats

Cybercriminals spread a new form of ransomware in attacks on victims, in which they not only encrypt the network, but also issue threats to launch distributed denial of service (DDoS) attacks and force employees and business partners to pay a ransom.

The ransomware, called Yanluowang, was discovered by cybersecurity researchers from Broadcom Software’s Symantec Threat Hunter team as they investigated an attempted cyber attack against a large, unidentified company.

Yanluowang drops a ransom note that informs the victim about the ransomware infection and urging them to provide a contact address to negotiate a ransom payment. The note warns victims not to contact the police, the FBI or authorities and not to contact any cybersecurity company – unless they want to lose their data forever.

However, the cyber criminals behind Yanluowang go even further with their threats: when the victim requests outside help, they launch DDoS attacks – flooding their websites with so much traffic that they crash. They also threaten the victims with further attacks or even permanently delete the encrypted data.

Researchers discovered the attack after seeing the suspicious use of AdFind, a legitimate command line in the Active Directory query tool.

The ransomware still seems to be a work in progress so that it could become more effective.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web