Kaspersky has identified a vulnerability in the encryption of the Yanluowang ransomware, allowing victims to recover compromised files without relying on the attackers’ key. This flaw in the malware prompted Kaspersky to conduct a thorough analysis and subsequently offer a user-friendly solution in the form of a free decryption tool. Yanluowang malware, initially identified in October 2021, has been targeting large companies since August of the previous year, affecting victims in the US, Brazil, Turkey, as well as small organizations in Sweden and China.
In a recent update provided by Kaspersky’s cyber-analysts, the Russian security agency outlined methods for restoring files affected by the Yanluowang ransomware. In addition to fundamental security measures such as keeping software up to date, ensuring adequate protection, and providing cybersecurity training, users can adopt extra precautions to prevent the malware from compromising their systems.
Given that Yanluowang ransomware has the capability to target victims manually, Kaspersky has outlined comprehensive measures to safeguard users from potential future attacks. Recommendations include monitoring outgoing traffic, identifying any suspicious connections, and conducting regular and timely cybersecurity audits to mitigate the risk of targeted attacks.
Kaspersky also advises that all employees in Security Operations Centers (SOC) undergo training in cyberthreat data and seek assistance from third-party experts as needed.
