Ransomware - Yanluowang

Yanluowang
Aliases
Dryxiphia
Decryptor Available
Yes
Description

In Chinese mythology, Yanluo Wang is the god of death who oversees the "Ten Kings of Hell." Given the Chinese name, one might assume that the Yanluowang ransomware originates from China. However, in late October 2022 the Yanluowang operators' chat logs were leaked, revealing that the malware was actually run by Russian-speaking individuals who intentionally masqueraded as Chinese operators to mislead analysts. The ransomware is therefore assumed to be of Russian origin. Yanluowang is typically dropped via BazarLoader directly over a remote connection after the attackers have already infiltrated a network. Operators are known to use AdFind to gather information from Active Directory, NetScan to identify IPv4-capable devices, and information-stealing tools such as GrabFF, GrabFile, GrabChrome, OpenChromeDumps, and BrowserPassView. This hands-on approach indicates that Yanluowang is Human-Operated Ransomware (HumOR). It was first seen in late 2021, and Kaspersky was able to create a decryptor due to a defect in the encryption process.

Ransomware Type
Crypto-Ransomware
HumOR
Country of Origin
Russia
First Seen
Last Seen
Threat Actors
Type
Actor
Cybergroup
Yanluowang Group
Extortion Types
Direct Extortion
Double Extortion
Communication
Medium
Identifier
Encryption
Type
Hybrid
Files
Sosemanuk
Key
RSA-1024
Crypto Wallets
Blockchain Type
Crypto Wallet
BTC
bc1q8svd69626nauxh2gvvyp8tndet8fntfph4jnz4
File Extension
<file name>.yanluowang
Ransom Note Name
README.txt
Ransom Note Image
2c2513e17a23676495f793584d7165900130ed4e8cccf72d9d20078e27770e04
49d828087ca77abc8d3ac2e4719719ca48578b265bbb632a1a7a36560ec47f2d
8ec919064791aa84aad6bb1374d6c67a8f5c254820f2f9a849a78f61eb6fada2
b20a6ef5708777fedc6474389b110b8d1323f0ef5bd678f823068ef349475ef8
d11793433065633b84567de403c1989640a07c9a399dd2753aaf118891ce791c
d7d0caeb5208a18e7070e85631712c59486d7f83672c13995cee091dbc8f2b57
Industry Sector          Country          Extortion Date    Amount (USD)
Real Estate & Housing    United States
Real Estate & Housing    United States
Manufacturing            United States
Distribution & Logistics Germany
Retail & Wholesale       United States
Telecommunications       United States
Information Technology   United States