Similar articles (Article Id, source, date, title; Prob and Score as given on the page)

218075 TECHREPUBLIC 2021-10-14 Broadcom Software's Symantec Threat Hunter Team discovers first-of-its-kind ransomware (Score 1.000)
218049 ZDNET 2021-10-14 This new ransomware encrypts your data and makes some nasty threats, too (Prob 0.936, Score 0.628)
218474 ZDNET 2021-10-18 BlackByte ransomware decryptor released (Score 0.561)
217747 ZDNET 2021-10-11 Ransomware: Even when the hackers are in your network, it might not be too late (Score 0.542)
217922 TECHREPUBLIC 2021-10-11 How to combat the most prevalent ransomware threats (Score 0.531)
218038 ZDNET 2021-10-12 Olympus suffers second cyberattack in 2021 (Prob 0.006, Score 0.493)
218192 ZDNET 2021-10-13 Google analysed 80 million ransomware samples: Here's what it found (Prob 0.009, Score 0.488)
218009 ZDNET 2021-10-11 Ransomware is the biggest cyber threat to business. But most firms still aren't ready for it (Score 0.446)
218413 VENTUREBEAT 2021-10-18 Data breach extortion scheme uncovered by NCC Group (Score 0.429)
218467 ZDNET 2021-10-15 $5.2 billion in BTC transactions tied to top 10 ransomware variants: US Treasury (Prob 0.009, Score 0.428)
218203 ZDNET 2021-10-14 The White House is having a big meeting about fighting ransomware. It didn't invite Russia (Score 0.419)
218210 ZDNET 2021-10-14 More than 30 countries outline efforts to stop ransomware after White House virtual summit (Prob 0.046, Score 0.418)
218475 ZDNET 2021-10-18 This new phishing attack features a weaponized Excel file (Score 0.414)
217967 ZDNET 2021-10-11 Quest-owned fertility clinic announces data breach after August ransomware attack (Score 0.403)
217903 ZDNET 2021-10-12 Australia's new ransomware plan to create ransomware offences and reporting regime (Prob 0.005, Score 0.380)
218144 TECHREPUBLIC 2021-10-15 The White House holds an international summit on ransomware: What you should know (Prob 0.023, Score 0.377)
218446 ZDNET 2021-10-18 Sinclair confirms ransomware attack after TV station disruptions (Score 0.377)
218396 VENTUREBEAT 2021-10-17 Report: Cybercriminals refine tactics to exploit zero-day vulnerabilities (Score 0.372)
217965 TECHREPUBLIC 2021-10-12 How to protect your organization from security threats across your supply chain (Score 0.372)
217855 TECHREPUBLIC 2021-10-13 Dark Web: Many cybercrime services sell for less than $500 (Score 0.353)
218183 ZDNET 2021-10-14 HP Wolf report highlights widespread exploitation of MSHTML, typosquatting and malware families hosted on Discord (Score 0.352)
218206 ZDNET 2021-10-14 Acer confirms second cyberattack in 2021 after ransomware incident in March (Score 0.351)
217890 VENTUREBEAT 2021-10-13 Cyberattack response time averages 2 days, report finds (Score 0.348)
218185 TECHREPUBLIC 2021-10-13 How to get the most bang for your buck out of your cybersecurity budget (Score 0.346)
218401 VENTUREBEAT 2021-10-17 Enterprises are scrambling to deploy zero trust security (Score 0.341)


ID: 218075

URL: https://www.techrepublic.com/article/broadcom-softwares-symantec-threat-hunter-team-discovers-first-of-its-kind-ransomware/

Date: 2021-10-14

Broadcom Software's Symantec Threat Hunter Team discovers first-of-its-kind ransomware

The Symantec Threat Hunter Team at Broadcom Software has discovered what appears to be a brand new family of ransomware, named after the Chinese deity that judges the souls of the dead. Yanluowang is the perfect ransomware for the Halloween season, though this particular malevolent digital spirit lacks the subtlety and sophistication of some of its more established (and more terrifying) brethren.

The lack of sophisticated features, combined with the fact that nobody had seen it before, led researchers to conclude that Yanluowang was likely new and still under development rather than simply poorly coded. "It's possible that implementing this was beyond the ability of the developers, but we think it's more likely that they plan to implement it at a later date and this was a minimum viable product," said Symantec principal editor Dick O'Brien.

It's unknown where Yanluowang came from, who's behind it, or whether it has been used in any attacks other than the one Symantec responded to against an unnamed "large organization." Among the files Symantec obtained from that incident was code that appeared to come from an underdeveloped ransomware family, and the team was first alerted by suspicious use of the Active Directory query tool AdFind. "This tool is often abused by ransomware attackers as a reconnaissance tool, as well as to equip the attackers with the resources that they need for lateral movement via Active Directory. Just days after the suspicious AdFind activity was observed on the victim organization, the attackers attempted to deploy the Yanluowang ransomware," Symantec's report said.

Yanluowang also leaves a few signs behind on a compromised computer before the ransomware itself is deployed: a precursor tool creates a .txt file listing the remote machines to check, queries Windows Management Instrumentation (WMI) to get a list of the processes running on those machines, and logs the results to a .txt file for later retrieval.
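One detection a defender could build from that description, as an added example that is not Symantec's or TechRepublic's code: it flags AdFind-style Active Directory queries, flags remote process enumeration over WMI, and raises an alert when the second follows the first on the same host within a few days, which is the sequence the report describes. The log format, the sample records, the seven-day window and the concrete command-line forms it matches (wmic with /node:, PowerShell WMI/CIM cmdlets with -ComputerName) are assumptions made for the example; the report says only that the precursor tool used WMI.

```python
"""Precursor detection for the pattern described above: AdFind-style Active
Directory reconnaissance on a host, followed within a few days by remote
process enumeration over WMI from the same host.

Added example; not Symantec's or TechRepublic's code.  The record format is
a constructed, simplified process-creation log (timestamp host image
command-line), not any real product's schema.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Assumption: the report only says "days"; seven is a concrete choice.
WINDOW_DAYS = 7

# Constructed sample records, not real telemetry.  WS042 shows the full
# pattern; SRV01 runs a local-only wmic query that must not fire.
SAMPLE_LOG = """\
2021-10-01T09:12:03 WS042 C:\\Windows\\System32\\cmd.exe cmd.exe /c dir
2021-10-02T14:30:11 WS042 C:\\Users\\Public\\af.exe af.exe -f "(objectcategory=computer)" -csv
2021-10-02T14:31:40 WS042 C:\\Users\\Public\\af.exe af.exe -f "(objectcategory=person)" -csv
2021-10-05T02:05:27 WS042 C:\\Windows\\System32\\wbem\\WMIC.exe wmic /node:@hosts.txt process list brief
2021-10-05T02:07:00 SRV01 C:\\Windows\\System32\\wbem\\WMIC.exe wmic process list brief
"""


@dataclass
class Event:
    ts: datetime
    host: str
    image: str
    cmdline: str

    @property
    def exe(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, image, cmdline = line.split(" ", 3)
        events.append(Event(datetime.fromisoformat(ts), host, image, cmdline))
    return sorted(events, key=lambda e: e.ts)


# AdFind's "-f <LDAP filter>" syntax; matching on it rather than only on the
# file name also catches a renamed copy of the tool.
ADFIND_FILTER = re.compile(r'-f\s+"?\(?objectcategory=', re.I)


def is_adfind(ev: Event) -> bool:
    return ev.exe == "adfind.exe" or bool(ADFIND_FILTER.search(ev.cmdline))


def is_remote_wmi_process_enum(ev: Event) -> bool:
    """Process listing against other machines via WMI: wmic with /node:
    (including /node:@file.txt, which reads targets from a text file), or a
    PowerShell WMI/CIM cmdlet with -ComputerName.  Local-only queries are
    ignored."""
    cl = ev.cmdline.lower()
    if ev.exe == "wmic.exe":
        return "/node:" in cl and "process" in cl
    uses_cmdlet = any(c in cl for c in ("get-wmiobject", "gwmi", "get-ciminstance"))
    return uses_cmdlet and "win32_process" in cl and "-computername" in cl


@dataclass
class Alert:
    host: str
    recon: Event
    enum: Event

    @property
    def gap_days(self) -> int:
        return (self.enum.ts - self.recon.ts).days


def correlate(events: List[Event], window_days: int = WINDOW_DAYS) -> List[Alert]:
    """One alert per remote-enumeration event that follows AdFind activity on
    the same host inside the window; the earliest in-window AdFind run is
    reported as the start of the sequence."""
    window = timedelta(days=window_days)
    recon_by_host: Dict[str, List[Event]] = {}
    alerts: List[Alert] = []
    for ev in events:  # parse_log() already sorted them by time
        if is_adfind(ev):
            recon_by_host.setdefault(ev.host, []).append(ev)
        elif is_remote_wmi_process_enum(ev):
            in_window = [r for r in recon_by_host.get(ev.host, []) if ev.ts - r.ts <= window]
            if in_window:
                alerts.append(Alert(ev.host, in_window[0], ev))
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(f"{a.host}: AdFind at {a.recon.ts}, then remote WMI process "
              f"enumeration at {a.enum.ts} ({a.gap_days} days later)")
```

Either indicator alone is worth a ticket; the correlation exists to raise the priority, since in the incident Symantec describes the ransomware was deployed only days after the AdFind activity. Matching on AdFind's filter syntax rather than the file name matters because the attackers' copy need not be called adfind.exe.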
Once deployed, the Yanluowang ransomware itself stops all hypervisor virtual machines running on the compromised machine, ends the processes listed in the .txt file, encrypts files, and drops a readme containing the ransom note on the infected machine. The note warns victims not to contact law enforcement or a negotiator; doing so, it says, will result in DDoS attacks against the victim and calls to business partners informing them of the infection. That chain of events would repeat, with data deletion as the eventual outcome.

O'Brien said that, while new, no element of the Yanluowang ransomware is unique. That doesn't mean Yanluowang isn't a threat, though. "[Yanluowang] may not be as sophisticated as some of its peers, but a successful attack would nevertheless be highly disruptive to any organization," O'Brien said.

Ransomware isn't a problem set to go away anytime soon. If anything, it will only get worse as ransomware actors become better at writing code and exploiting vulnerabilities. Make sure your organization is following best practices for ransomware defense, such as adopting a zero-trust architecture and other next-generation security products, and treat the precursor activity described here as actionable in its own right: AdFind reconnaissance and remote process enumeration over WMI preceded the Yanluowang deployment by only days.