Following the recent confirmation by Cisco that the Yanluowang ransomware group breached their corporate network and extorted them under the threat of leaking stolen files online, Kaspersky said they are working hard to help companies avoid such outcomes.
The security firm said it is important that businesses follow basic security principles to stay protected and minimise the potential financial and reputational losses associated with a ransomware attack.
“This is not the first case of Yanluowang’s impudent attacks we have observed throughout the year”, said Yanis Zinchenko, security expert at Kaspersky.
This further corroborates the advisory issued over the weekend by the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT), which urged organisations to adopt stronger cybersecurity measures, such as ensuring their employees use strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it is supported, to prevent ransomware attacks.
It also advised organisations to ensure regular system backups.
The NCC-CSIRT’s warning contained in its advisory of August 12, 2022, signed by Mr. Reuben Muoka, Director, Public Affairs at NCC, came after the Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synchronised from their browser.
NCC-CSIRT estimated the potential damage from the incident to be critical, predicting that successful exploitation will result in ransomware deployment to compromise computer systems, theft and exposure of sensitive product and customer data, and huge financial loss to organisations through significant indirect costs, and could also mar their reputations.
To this end, Yanis Zinchenko said:
“Yanluowang is a relatively new ransomware, which unknown attackers use to target large companies. It was first reported late last year. Although the malware has only been around for a short period, Yanluowang has managed to target companies from all around the world, with victims across the U.S., Brazil, Germany, UAE, China, Turkey and many other countries.
“While the gang announced the Cisco breach on their data leak site, the company claims it found no evidence of ransomware payloads during the attack. This behaviour is typical for many ransomware operators as they try to seize every opportunity to extort money and harm their victims’ reputations. We strongly advise not to encourage ransomware players by paying their ransom – it does not guarantee that they will return the data nor will it stop the attack from happening again. At Kaspersky we are working hard to help companies avoid such outcomes. It is important that businesses follow basic security principles to stay protected and minimise the potential financial and reputational losses associated with a ransomware attack.
“While analysing the Yanluowang malware in April, we discovered that the malicious code was not perfect. The vulnerability discovered in the code allowed us to create a file decryptor with the help of a known-plaintext attack. Our Rannoh Decryptor can analyse encrypted files and helps victims of Yanluowang ransomware recover their information”.