Kaspersky Lab announced the release of a new free solution to decrypt files corrupted by ransomware trojans.
According to the developers, the new tool allows you to deal with files encrypted by the Yanluowang malware, restoring access to them. The name refers to the Chinese deity Yanluo Wang, the judge of the world of the dead. The malware was discovered in October 2021 and was used in attacks on companies in several countries, including the United States, Turkey, and Brazil.
During the attack, the attackers start the file encryption process, during which the extensions are changed to .yanlouwang. They then leave a demand file threatening that if the victim goes to the police, all files on the infected device will be deleted, the company will be hit by a DDoS attack, and the file deletion attack will be repeated in a few weeks.
Kaspersky Lab experts analyzed the malware and discovered a vulnerability that allows decrypting files on an infected computer.
Cybersecurity expert at Kaspersky Lab Janis Zinchenko explained:
At present, Yanluowang is not yet very widespread, but do not underestimate it. Ransomware continues to be one of the top cyber threats around the world, so it’s important to join forces with cybersecurity experts to combat them. We are confident that the tool we have developed will help companies attacked by Yanlouwang.”