
Yanluowang

Inactive
According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops services, and creates the README.txt file containing a ransom note. It appends the .yanluowang extension to filenames. Cybercriminals behind Yanluowang are targeting enterprise entities and organizations in the financial sector. Files encrypted by Yanluowang can be decrypted with this tool (it is possible to decrypt all files if the original file is larger than 3GB; if the original file is smaller than 3GB, then only smaller files can be decrypted).
6 Victims
Jul 1, 2022 First Discovered
Aug 9, 2022 Last Discovered
1318 Days Inactive
0% Infostealer
0/1 Sites Online
Known Locations (1)
Yanluowang
jukswsxbh3jsxuddvidrjdvwuohtsy4kxg2axbppiyclomt2qciyfoad.onion
Tools Used
Exfiltration
RMM-Tools
LogMeIn, ScreenConnect, TeamViewer
Discovery / Enumeration
AdFind, Cent Browser, S3 Browser, SoftPerfect NetScan
Networking
Chisel
Credential Theft
GrabChrome, GrabFF, KeeThief, Mimikatz, NirSoft WebBrowserPassView
Offsec
Cobalt Strike, Impacket
Defense Evasion
LOLBAS
NTDS Utility (ntdsutil), PsExec, Windows Event Utility (wevtutil)
Intelligence
Victims (6)
Hot news straight from Cisco
Discovered: Aug 10, 2022 · Attack est.: Aug 10, 2022
Shorr.com leakage
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Greetings to havi.com and tmsw.com
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Big data dump from various organizations
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Walmart was encrypted
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Cincinnati bell didn’t pay the ransom
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022