Yanlouwang Ransomware

Yanlouwang Ransomware is malware that is in development, yet it is already causing concern for businesses. The group was discovered in August 2021 in one of its attacks. Yanlouwang is a name of a Chinese entity, known as the god of the underworld, Yanluo Wang. Despite the name being derived from an Asian culture, there is no information on the ransomware’s place of origin.

Despite being in testing stages, the ransomware was able to break into the systems of large institutions such as Walmart. In a post on the group’s leak site, they claim to have accessed around 40,000 to 50,000 Walmart computers. The hackers asked for $55 million to hand over the files, but the company ignored the negotiation and resorted to other methods to recover the data. Walmart denies such an attack.

The ransomware shows no interest in stealing the victims’ files but only encrypts them using the RSA-1024 encryption algorithm. When systems are infected, all files are given the extension “.yanluowang” and if ransomware requirements are not met, threats of DDoS (Distributed Denial of Service) attacks are carried out.

According to Kaspersky, the countries that suffered the most attacks from the group were the US and Turkey, both responsible for 20 per cent of the victims, and Brazil with 16 per cent of the targets. The ransomware operates in these countries targeting organisations in the finance, manufacturing, IT, consulting and engineering sectors.

Recover files encrypted by Yanlouwang ransomware

Digital Recovery is a company specialising in recovering data encrypted by ransomware. We have been operating in the recovery area for more than 23 years facing the most diverse scenarios and challenges of the market.

We together with the team of experts develop unique solutions that allow adaptation to each case we solve. Including a fully remote recovery mode, speeding up the process and making our services more efficient.

In extreme occurrences, we offer a solution in emergency mode, which provides an exclusive service with a team to perform the service 24 hours a day.

To bring better results to the recovery procedure, we work in accordance with the General Data Protection Regulation (GDPR) . And as a company, we know the importance of data confidentiality, with this in mind we have developed our NDA (Non-Disclosure Agreement).

Contact us and request a diagnosis right now, we provide a team that serves 24×7.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that

Récupérer le Ransomware Makop

Makop Ransomware

The Makop ransomware has grown through its affiliate programme, RaaS (Ransomware as a Service), a tactic that aims to find partners to carry out attacks


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.