Yanluowang ransomware is malware that is still in development, yet it is already causing concern for businesses. The group was discovered in August 2021 during one of its attacks. The name comes from Yanluo Wang, a Chinese entity known as the god of the underworld. Although the name is derived from an Asian culture, there is no information on the ransomware’s place of origin.
Despite being in testing stages, the ransomware was able to break into the systems of large institutions such as Walmart. In a post on the group’s leak site, they claim to have accessed around 40,000 to 50,000 Walmart computers. The hackers asked for $55 million to hand over the files, but the company ignored the negotiation and resorted to other methods to recover the data. Walmart denies such an attack.
The ransomware shows no interest in stealing the victims’ files; it only encrypts them, using the RSA-1024 encryption algorithm. When a system is infected, all files are given the extension “.yanluowang”, and if the ransom demands are not met, threats of DDoS (Distributed Denial of Service) attacks are carried out.
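As a detection aid for the renaming behaviour described above, the following added example (not code from the original article or from any vendor) flags hosts that rename several files to the “.yanluowang” extension within a short window. The pipe-delimited event format, host names, timestamps, window and threshold are assumptions constructed for illustration, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".yanluowang"        # extension reported in the article
WINDOW = timedelta(seconds=60)   # assumed burst window
THRESHOLD = 3                    # assumed; tune to the environment

# Constructed sample events: "ISO timestamp|host|old path|new path"
SAMPLE_EVENTS = r"""
2021-10-01T09:00:01|fin-ws01|C:\Docs\q3.xlsx|C:\Docs\q3.xlsx.yanluowang
2021-10-01T09:00:02|fin-ws01|C:\Docs\plan.docx|C:\Docs\plan.docx.YANLUOWANG
2021-10-01T09:00:03|fin-ws01|C:\Docs\a.pdf|C:\Docs\a.pdf.yanluowang
2021-10-01T09:00:04|eng-ws07|C:\Src\main.c|C:\Src\main.c.bak
2021-10-01T09:05:00|eng-ws07|C:\tmp\x.txt|C:\tmp\x.txt.yanluowang
malformed line without fields
"""

def parse_event(line):
    """Return (timestamp, host, new_path), or None for a malformed line."""
    parts = line.strip().split("|")
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[3]

def detect_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Map host -> time of first alert (>= threshold matching renames in window)."""
    recent, alerts = defaultdict(deque), {}
    for line in lines:
        event = parse_event(line)
        # Case-insensitive match on the appended extension
        if event is None or not event[2].lower().endswith(EXTENSION):
            continue
        ts, host, _ = event
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:   # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, ts in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"{host}: burst of {EXTENSION} renames at {ts.isoformat()}")
```

A single rename on a host stays below the threshold, so one stray file with the extension does not raise an alert on its own.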
According to Kaspersky, the countries that suffered the most attacks from the group were the US and Turkey, both accounting for 20 per cent of the victims, and Brazil with 16 per cent of the targets. In these countries the ransomware targets organisations in the finance, manufacturing, IT, consulting and engineering sectors.