Yanluowang

Inactive
According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops services, and creates the README.txt file containing a ransom note. It appends the .yanluowang extension to filenames. Cybercriminals behind Yanluowang are targeting enterprise entities and organizations in the financial sector. Files encrypted by Yanluowang can be decrypted with this tool (it is possible to decrypt all files if the original file is larger than 3GB; if the original file is smaller than 3GB, then only smaller files can be decrypted).
6 Victims
Jul 2, 2022 First Discovered
Aug 10, 2022 Last Discovered
1408 Days Inactive
0% Infostealer
0/1 Sites Online
Top Sectors
Technology 1
Consumer Services 1
Telecommunication 1
Known Locations (1)
Yanluowang
jukswsxbh3jsxuddvidrjdvwuohtsy4kxg2axbppiyclomt2qciyfoad.onion
Tools Used
CredentialTheft: GrabChrome, GrabFF, KeeThief, Mimikatz, NirSoft WebBrowserPassView
DiscoveryEnum: AdFind, Cent Browser, S3 Browser, SoftPerfect NetScan
LOLBAS: NTDS Utility (ntdsutil), PsExec, Windows Event Utility (wevtutil)
Networking: Chisel
Offsec: Cobalt Strike, Impacket
RMM-Tools: LogMeIn, ScreenConnect, TeamViewer
Intelligence
Victims (6)
Hot news straight from Cisco
Technology · Discovered: Aug 10, 2022 · Attack est.: Aug 10, 2022
Shorr.com leakage
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Greetings to havi.com and tmsw.com
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Big data dump from various organizations
Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Walmart was encrypted
Consumer Services · Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022
Cincinnati bell didn’t pay the ransom
Telecommunication · Discovered: Jul 2, 2022 · Attack est.: Jul 2, 2022