Symantec Threat Hunter Team Discovers New Ransomware

The Symantec Threat Hunter Team at Broadcom Software recently discovered a new ransomware family called Yanluowang.

Although there are signs that it has been poorly coded due to a lack of sophisticated features, researchers believe it is relatively new and under development, and that it is also dangerous.

In its report on Ransomware, Symantec found, “This tool is often abused by ransomware attackers as a reconnaissance tool, as well as to equip the attackers with the resources that they need for lateral movement via Active Directory. Just days after the suspicious AdFind activity was observed on the victim organization, the attackers attempted to deploy the Yanluowang ransomware.”

Before using the ransomware itself, Yanluowang leaves behind a few signs behind on a compromised computer including the creation of a .txt file with the number of remote computers in the network which is run against Windows management instrumentation to obtain a list of the processes that are run on these machines and are logged in return to the .txt file for a later retrieval.

Once installed, the Ransomware stops all hypervisor VMS that run on a compromised computer, terminates the processes listed in the .txt file, encrypts files, and deposits a readme with a ransom note on the infected computer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web