Kaspersky has found a flaw in the encryption of Yanluowang ransomware that can help victims recover affected files without the attackers’ key. The vulnerability in the malware allowed Kaspersky to analyse the issue and provide a customer-friendly solution in the form of a free decryption tool. Yanluowang malware, first detected in October 2021, has targeted large companies since August last year, including victims from the US, Brazil and Turkey, and small organisations based in Sweden and China.
In a post by cyber-analysts at Kaspersky detailing the development, the Russian security agency mentioned ways to restore files attacked by Yanluowang ransomware. Apart from basic safety measures like updated software, adequate protection and cybersecurity training, users can take some extra precautions to keep the malware from affecting their systems.
Since Yanluowang ransomware can also target victims manually, Kaspersky has listed a few comprehensive measures to protect users from future attacks. It recommends keeping an eye on outgoing traffic and highlighting any suspicious connections detected, and performing regular and timely cybersecurity audits, which can avoid targeted attacks.
Kaspersky also suggests that all SOC employees should be trained on cyberthreat data and should ask for help from third-party experts as and when needed.