More ransomware to be aware of: Yanluowang

Discussion in 'Headline News' started by RickAgresta, Oct 14, 2021.

  1. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    This new ransomware encrypts your data and makes some nasty threats, too
    Group behind new ransomware variant threaten to go beyond encrypting data in their attempts to force victims to pay up.

    Cyber criminals are distributing a new form of ransomware in attacks against victims in which they not only encrypt the network, but also make threats to launch distributed denial of service (DDoS) attacks and to harass employees and business partners if a ransom isn't paid. Dubbed Yanluowang, the ransomware was uncovered by cybersecurity researchers in Broadcom Software's Symantec Threat Hunter team while they were investigating an attempted cyberattack against an undisclosed large organisation. While the attempted attack wasn't successful, the investigation revealed a new form of ransomware. It also provided insight into how some cyber criminals are attempting to make attacks more effective – in this case, with the threat of additional attacks.

    Yanluowang drops a ransom note telling the victim they've been infected with ransomware, telling them to message a contact address to negotiate a ransom payment. The note warns victims not to contact the police, FBI or authorities, and not to contact a cybersecurity company – it's implied that if the victim does this, they won't get their data back. But the cyber criminals behind Yanluowang go even further with their threats, suggesting that if the victim calls in outside help, they'll launch DDoS attacks against the victim – overflowing their websites with so much traffic they'll crash – and they'll make calls to employees and business partners. They also suggest that if the victim isn't cooperative, they'll return with additional attacks or even delete the encrypted data so it's lost forever.

    "It's difficult to say if this is a genuine threat. However, it's certainly in line with what we're seeing from other ransomware actors who seem to feel threatened by victims calling in law enforcement or sharing information with third parties," Dick O'Brien, principal editor at Symantec, told ZDNet.

    It's still unclear how the cyber criminals gained access to the network, but researchers uncovered the attack after identifying suspicious use of AdFind, a legitimate command-line Active Directory query tool. This tool is often abused by ransomware attackers and is used as a reconnaissance technique for exploiting Active Directory and finding additional ways to secretly move around the network, with the ultimate goal of deploying ransomware. In this case, the attackers attempted to deploy ransomware just days after the suspicious activity was identified – and ultimately the attempted ransomware attack was prevented because the tell-tale signs of an attack had been recognised and blocked. Nonetheless, the emergence of yet another new ransomware group, particularly one making additional threats in order to coerce victims into paying ransoms, is an unwelcome development.

    The ransomware appears to be a work in progress, so it could become more effective in future. However, there are steps that organisations can take to protect their businesses from this threat and other forms of ransomware.

    Link:
    https://www.zdnet.com/article/this-...s-your-data-and-makes-some-nasty-threats-too/
     
    lelisa13p and Hook like this.
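The article above notes that the attack was caught because suspicious use of AdFind was recognised before the ransomware was deployed. As an added example (not from the thread, ZDNet or Symantec), the script below shows what that kind of check looks like when run over process-creation logs: it parses constructed, simplified Sysmon-style Event ID 1 lines (the key=value layout and field names are assumptions) and flags executions by binary name and by command-line arguments typical of AdFind enumeration, so a renamed copy of the tool is still caught. Every log line is constructed sample data.

```python
"""Flag AdFind-style Active Directory enumeration in process-creation logs.

Added example for illustration; the log format below is a constructed,
simplified key=value rendering of Sysmon Event ID 1 (process creation).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample events, one per line. "svc-backup" is a made-up account.
SAMPLE_LOG = """\
EventID=1 User=CORP\\jdoe Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe notes.txt"
EventID=1 User=CORP\\svc-backup Image=C:\\Temp\\adfind.exe CommandLine="adfind.exe -f (objectcategory=person) > ad_users.txt"
EventID=1 User=CORP\\svc-backup Image=C:\\Temp\\a.exe CommandLine="a.exe -sc trustdmp"
EventID=1 User=CORP\\admin Image=C:\\Windows\\System32\\cmd.exe CommandLine="cmd.exe /c dir"
EventID=1 User=CORP\\svc-backup Image=C:\\Temp\\a.exe CommandLine="a.exe -gcb -sc trustdmp"
"""

# key=value pairs; values may be double-quoted so the command line can hold spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Argument fragments characteristic of AdFind's AD enumeration (LDAP object
# category filters and the trust-dump shortcut). Matching on arguments rather
# than only the binary name catches a renamed executable.
ADFIND_ARG_PATTERNS = [
    (re.compile(r"\(objectcategory=", re.IGNORECASE), "LDAP objectcategory filter"),
    (re.compile(r"-sc\s+trustdmp", re.IGNORECASE), "trust dump (-sc trustdmp)"),
]


@dataclass
class Finding:
    user: str
    image: str
    reason: str


def parse_event(line: str) -> dict:
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def adfind_reasons(event: dict) -> list:
    """Return the reasons an event looks like AdFind use (empty list if none)."""
    reasons = []
    image_name = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if image_name == "adfind.exe":
        reasons.append("image name is adfind.exe")
    command_line = event.get("CommandLine", "")
    for pattern, description in ADFIND_ARG_PATTERNS:
        if pattern.search(command_line):
            reasons.append(f"argument matches {description}")
    return reasons


def find_adfind_activity(log_text: str) -> list:
    """Scan process-creation events and collect those that look like AdFind use."""
    findings = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event.get("EventID") != "1":  # only process-creation events
            continue
        reasons = adfind_reasons(event)
        if reasons:
            findings.append(Finding(event.get("User", ""), event.get("Image", ""), "; ".join(reasons)))
    return findings


def users_with_adfind_activity(log_text: str) -> dict:
    """Count flagged events per account; repeated hits from one account rank highest."""
    return dict(Counter(f.user for f in find_adfind_activity(log_text)))


if __name__ == "__main__":
    for finding in find_adfind_activity(SAMPLE_LOG):
        print(f"{finding.user:20} {finding.image:35} {finding.reason}")
    print(users_with_adfind_activity(SAMPLE_LOG))
```

The per-user count is the part worth feeding into triage: a single account issuing several AD enumeration commands in a short window is the "tell-tale sign" the article refers to, and is worth an alert well before any encryption starts.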
  2. Hook

    Hook Hookette says 'Tis the season!

    1. Ransomware attack appears
    2. Remove Hard drive, send to FBI
    3. Install new, clean hard drive.
    4. Brew coffee for session of reinstalling OS and restoring back-ups. :vbwink:

    Of course these things are much more targeted to business environments than individuals, I would expect.
     
    scjjtt, lelisa13p and RickAgresta like this.
  3. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Egad. :vbmad:
     
    scjjtt and Hook like this.
  4. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    This is the stuff nightmares are made of. I've seriously thought of these problems at work, many times. I do my best, but I'm one person, co-teamed with someone that is paid to keep the network lights blinking green and secured. You realize very quickly how fast you're out-gunned and how fortunate you are that so far, you've not been impacted. :eek:
     
  5. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Hoping it stays that way for us all :newpalm:!
     
    scjjtt, Hook and lelisa13p like this.