Kaspersky Corroborates NCC-CSIRT’s Advisory On Yanluowang Ransomware Group
Following Cisco's recent confirmation that the Yanluowang ransomware group breached its corporate network and extorted the company under the threat of leaking stolen files online, Kaspersky said it is working hard to help companies avoid such outcomes.
The security firm said it is important that businesses follow basic security principles to stay protected and minimize the potential financial and reputational losses associated with a ransomware attack.
Yanis Zinchenko, a security expert at Kaspersky, said this “is not the first case of Yanluowang’s impudent attacks we have observed throughout the year.”
Kaspersky Responded Actively To NCC Exhortations
This further corroborates the advisory issued over the weekend by the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT).
To prevent ransomware attacks, it exhorted organizations to adopt stronger cybersecurity measures, such as ensuring their employees use strong, unique passwords for every account and, importantly, enabling multi-factor authentication (2FA) wherever it is supported.
It also advised organizations to ensure regular systems backup.
The advisory appeared after the Yanluowang threat actors gained access to Cisco’s network using an employee’s credentials, which were stolen after the attackers hijacked the employee’s personal Google account.
Yanluowang Dreadful Aftermath Attacks
NCC-CSIRT estimated potential damage from the incident to be critical, predicting that successful exploitation would result in ransomware deployment to compromise computer systems, theft and exposure of sensitive product and customer data, and huge financial loss to organizations through significant indirect costs, and could also mar their reputations.
Yanluowang is a relatively new ransomware, which unknown attackers use to target large companies. It was first reported late last year.
Yanluowang has managed to target companies from all around the world, with victims across the U.S., Brazil, Germany, UAE, China, Turkey, and many other countries.
While the gang announced the Cisco breach on their data leak site, the company claims it found no evidence of ransomware payloads during the attack.
This behavior is typical for many ransomware operators as they try to seize every opportunity to extort money and harm their victims’ reputations.
We strongly advise not to encourage ransomware players by paying their ransom – it does not guarantee that they will return the data nor will it stop the attack from happening again.
At Kaspersky, we are working hard to help companies avoid such outcomes.
Businesses must follow basic security principles to stay protected and minimize the potential financial and reputational losses associated with a ransomware attack.