A new form of ransomware, Yanluowang, is being distributed by cyber criminals in attacks in which they not only encrypt the victim's network but also threaten to launch distributed denial-of-service attacks and to harass employees and business partners if the ransom is not paid.
The ransomware was uncovered by cybersecurity researchers in Broadcom Software's Symantec Threat Hunter team while they were investigating an attempted cyber attack against a large organization.
Although the attempted attack was not successful, the investigation revealed the new form of ransomware. It provided insight into how some cyber criminals are attempting to make their attacks more effective, in this case with the threat of additional attacks.
One message shared by the researchers tells the victim that they have been infected with Yanluowang ransomware and gives them a contact address to negotiate a ransom payment. It warns victims not to contact the police, the FBI or other authorities, and not to contact a cybersecurity company; the implication is that if victims do so, they will not get their data back.
The attackers also suggest that if victims do not cooperate, they will return with additional attacks or even delete the encrypted data so that it is lost permanently. It is not yet clear how the cyber criminals gained access to the network. Researchers uncovered the attack after identifying suspicious use of AdFind, a legitimate command-line Active Directory query tool.
The tool is often abused by ransomware attackers as a reconnaissance technique: it is used to query Active Directory and find additional ways to move quietly through the network, with the ultimate goal of deploying ransomware.
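Because AdFind is a legitimate tool, defenders typically hunt for it in process-creation telemetry rather than block it outright. The following is an added example (not code from the article or from Symantec) that flags AdFind-style Active Directory reconnaissance in constructed endpoint events, catching both the unrenamed binary and a renamed copy by its characteristic switches (`-f`, `-sc`, `-b`, `-default`) and LDAP recon filters; the event field names and sample commands are assumptions for illustration.

```python
import re

# Constructed process-creation events; field names are assumed, not from any real EDR schema.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\jdoe", "parent": "explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe report.txt"},
    {"host": "fs02", "user": "CORP\\svc_backup", "parent": "cmd.exe",
     "image": "C:\\Temp\\adfind.exe",
     "cmdline": "adfind.exe -f objectcategory=computer -csv > comps.csv"},
    {"host": "fs02", "user": "CORP\\svc_backup", "parent": "cmd.exe",
     "image": "C:\\Temp\\ad.exe",  # renamed copy of AdFind
     "cmdline": "ad.exe -f (objectcategory=person) name samaccountname"},
    {"host": "dc01", "user": "CORP\\admin", "parent": "powershell.exe",
     "image": "C:\\Tools\\adfind.exe", "cmdline": "adfind.exe -sc trdlist"},
    {"host": "ws03", "user": "CORP\\build", "parent": "cmd.exe",
     "image": "C:\\Windows\\System32\\robocopy.exe",
     "cmdline": "robocopy.exe C:\\src D:\\dst -f"},  # "-f" alone is not enough
]

# AdFind command-line switches (filter, shortcut, base DN, default naming context).
ADFIND_SWITCHES = re.compile(r"(?i)(^|\s)-(f|sc|b|default)\s")
# LDAP filters and shortcuts commonly seen in AD enumeration (trust listing, object classes).
LDAP_RECON_FILTERS = re.compile(
    r"(?i)objectcategory=(computer|person|group|organizationalunit)|trdlist|trustdmp")


def is_suspicious_adfind(event):
    """True if the event looks like AdFind run for AD reconnaissance."""
    image = event["image"].lower().rsplit("\\", 1)[-1]
    cmd = event["cmdline"]
    if image == "adfind.exe":
        return True  # unrenamed binary: always worth a look
    # Renamed binary: require both an AdFind switch and a recon-style query.
    return bool(ADFIND_SWITCHES.search(cmd) and LDAP_RECON_FILTERS.search(cmd))


def find_adfind_recon(events):
    """Return the events that should raise an AD-reconnaissance alert."""
    return [ev for ev in events if is_suspicious_adfind(ev)]


if __name__ == "__main__":
    for ev in find_adfind_recon(SAMPLE_EVENTS):
        print(f"ALERT {ev['host']} {ev['user']} <- {ev['parent']}: {ev['cmdline']}")
```

In a real deployment, a hit on a non-admin workstation or a service account, as in the constructed fs02 events, is the higher-fidelity signal; administrators do run AdFind legitimately from management hosts.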
This ransomware appears to be a work in progress, so it could become more effective in future. However, there are steps and precautionary measures that organizations can take to avoid such attacks.