Security News > 2022 > April > Kaspersky cracks Yanluowang ransomware, offers free decryptor

Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.

Yanluowang, named after a Chinese deity and underworld judge, is a type of ransomware that has been used against financial institutions and other firms in America, Brazil, and Turkey as well as a smaller number of organizations in Sweden and China, Kaspersky said yesterday.

The Russian security shop said it found a fatal flaw in the ransomware's encryption system and those afflicted can get a free fix to restore their scrambled data.

Symantec's threat hunters uncovered this Windows ransomware strain in the fall and said unknown fiends have been using it to infect US corporations since at least August 2021.

Another notable characteristic of this ransomware is that it divides files: those smaller than 3GB are completely encrypted, and larger files are encrypted in stripes, typically 5MB after every 200MB. Dangerous, but fixable.

While a free decryptor is a lifesaver for companies already hit by Yanluowang, the vendor naturally recommends enterprises adopt comprehensive defense measures to detect and stop any future infections.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/19/kaspersky_yanluowang_ransomware/