Cybercriminals spread a new form of ransomware in attacks on victims, in which they not only encrypt the network, but also issue threats to launch distributed denial of service (DDoS) attacks and force employees and business partners to pay a ransom.
The ransomware, called Yanluowang, was discovered by cybersecurity researchers from Broadcom Software’s Symantec Threat Hunter team as they investigated an attempted cyber attack against a large, unidentified company.
Yanluowang drops a ransom note that informs the victim about the ransomware infection and urging them to provide a contact address to negotiate a ransom payment. The note warns victims not to contact the police, the FBI or authorities and not to contact any cybersecurity company – unless they want to lose their data forever.
However, the cyber criminals behind Yanluowang go even further with their threats: when the victim requests outside help, they launch DDoS attacks – flooding their websites with so much traffic that they crash. They also threaten the victims with further attacks or even permanently delete the encrypted data.
Researchers discovered the attack after seeing the suspicious use of AdFind, a legitimate command line in the Active Directory query tool.
The ransomware still seems to be a work in progress so that it could become more effective.