Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content



Also known as: Dryxiphia

Category: Malware

Type: Ransomware

Platform: Windows


Damage potential: Data encryption and loss, operational disruption, financial loss, DDoS attacks


Yanluowang is a type of malware cybercriminals use to infiltrate a victim’s device and encrypt files. Attackers then ask for a payment to restore access to the files they encrypted. In their ransom note, attackers also threaten that they will launch a DDoS attack if the victim fails to meet their demands.

Cybercriminals have been using Yanluowang in their attacks since 2021 and picking high-value targets in the finance, manufacturing, consultancy, and engineering sectors.

Possible symptoms

Typical signs of a Yanluowang infection are inaccessible files, a ransom note titled “README.txt,” and “.yanluowang” extension in file names. Additionally, you may experience sluggish computer performance or notice an uptick in network activity.

Sources of the infection

Attackers use multiple methods to distribute this ransomware:

  • Phishing emails.

  • Malware-hosting websites and ads.

  • P2P (peer-to-peer) networks.

  • Other malware, such as BazarLoader.

  • Vulnerabilities in the Remote Desktop Protocol (RDP) and other software.


Being cautious online is crucial for protecting yourself from ransomware.

  • Do not click on suspicious links or attachments in emails, especially from unfamiliar senders.

  • Get reliable antivirus software and keep it updated.

  • Block shady websites and malicious ads with NordVPN’s Threat Protection.

  • Back up important data.

  • Enable multi-factor authentication where possible.

  • Close unnecessary RDP ports.

  • Regularly update all software you use to take advantage of the most recent security updates.


Manually removing this ransomware from your device might be challenging. If you suspect your device is under a Yanluowang attack, contact a cybersecurity expert.

Ultimate digital security