Yanluowang is a human-operated ransomware group that emerged in July 2021, though it was first publicly identified in October 2021 by Symantec's Threat Hunter Team. The group ceased operations in late 2022 following a significant leak of its internal chat logs and source code. Despite its name, which derives from Chinese mythology, the group is assessed with high confidence to be of Russian origin, with operators intentionally feigning a Chinese identity to mislead analysts. Yanluowang's primary motivation is financial gain, achieved through targeted ransomware attacks and a double extortion model. The group distinguished itself through its specific operational pattern, which included halting hypervisor virtual machines and terminating processes such as SQL and Veeam before encrypting files. Additionally, Yanluowang threatened victims with Distributed Denial of Service (DDoS) attacks and outreach to employees and business partners if ransom demands were not met. The group is also known
MITRE techniques
T1566.001, T1078, T1059, T1486, T1021.001
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
United Arab Emirates, Brazil, Canada, China, Germany, Finland, Turkey, United States
Target sectors (SOCRadar)
Construction of Buildings, Other Information Services, Rail Transportation, Software Publishers, Real Estate, Enterprises & Holding, Manufacturing, Public Administration, Educational Services, Wholesale Trade