Also known as: Dryxiphia
Category: Malware
Type: Ransomware
Platform: Windows
Variants: –
Damage potential: Data encryption and loss, operational disruption, financial loss, DDoS attacks
Overview
Yanluowang is ransomware that cybercriminals use to infiltrate a victim's device and encrypt its files. The attackers then demand payment to restore access to the files they encrypted. In their ransom note, they also threaten to launch a DDoS attack if the victim fails to meet their demands.
Cybercriminals have used Yanluowang in attacks since 2021, picking high-value targets in the finance, manufacturing, consultancy, and engineering sectors.
Possible symptoms
Typical signs of a Yanluowang infection are inaccessible files, a ransom note titled “README.txt,” and the “.yanluowang” extension appended to file names. Additionally, you may experience sluggish computer performance or notice an uptick in network activity.
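As an added example that is not part of the original page, this Python check (its function names and the sample folder are this example's own) walks a directory tree and counts the two on-disk symptoms listed above: files ending in ".yanluowang" and a README.txt ransom note. A folder that shows both is reported as the stronger signal, since README.txt on its own is a common file name.

```python
# Added example, not code from the original page: a defender-side scan for the
# on-disk indicators the entry describes. Sample directory is constructed inline.
import os
import tempfile
from pathlib import Path

RANSOM_NOTE_NAME = "README.txt"       # ransom note name given on the page
ENCRYPTED_SUFFIX = ".yanluowang"      # extension appended to encrypted files


def scan_for_yanluowang_indicators(root):
    """Count encrypted-looking files and ransom notes under root.

    Returns {"encrypted", "notes", "suspicious_dirs"}; suspicious_dirs lists
    directories holding both indicators, which points to an encryption run
    rather than a stray file with a common name.
    """
    encrypted = 0
    notes = 0
    suspicious_dirs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        enc_here = sum(1 for f in filenames if f.lower().endswith(ENCRYPTED_SUFFIX))
        note_here = RANSOM_NOTE_NAME in filenames
        encrypted += enc_here
        notes += int(note_here)
        if enc_here and note_here:
            suspicious_dirs.append(dirpath)
    return {"encrypted": encrypted, "notes": notes,
            "suspicious_dirs": sorted(suspicious_dirs)}


def build_sample_tree():
    """Create a constructed directory mimicking a partially encrypted share."""
    root = Path(tempfile.mkdtemp(prefix="yanluowang_demo_"))
    docs = root / "Finance" / "Q3"
    docs.mkdir(parents=True)
    (docs / "budget.xlsx.yanluowang").write_bytes(b"\x00" * 16)   # constructed
    (docs / "forecast.docx.yanluowang").write_bytes(b"\x00" * 16) # constructed
    (docs / RANSOM_NOTE_NAME).write_text("constructed ransom note placeholder\n")
    clean = root / "Public"
    clean.mkdir()
    (clean / "README.txt").write_text("ordinary project readme\n")  # benign note name
    (clean / "notes.txt").write_text("nothing to see\n")
    return root


if __name__ == "__main__":
    print(scan_for_yanluowang_indicators(build_sample_tree()))
```

The Public folder shows why the note name alone is a weak indicator: it is counted, but only the Finance/Q3 folder, which has both indicators, is flagged.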
Sources of the infection
Attackers use multiple methods to distribute this ransomware:
- Phishing emails.
- Malware-hosting websites and ads.
- P2P (peer-to-peer) networks.
- Other malware, such as BazarLoader.
- Vulnerabilities in the Remote Desktop Protocol (RDP) and other software.
Protection
Being cautious online is crucial for protecting yourself from ransomware.
- Do not click on suspicious links or attachments in emails, especially from unfamiliar senders.
- Get reliable antivirus software and keep it updated.
- Block shady websites and malicious ads with NordVPN’s Threat Protection Pro.
- Back up important data.
- Enable multi-factor authentication where possible.
- Close unnecessary RDP ports.
- Regularly update all software you use to take advantage of the most recent security updates.
Removal
Manually removing this ransomware from your device might be challenging. If you suspect your device is under a Yanluowang attack, contact a cybersecurity expert.