Yanluowang Ransomware Tied to Thieflock Threat Actor
Researchers at Symantec previously established links between a threat actor and the Thieflock ransomware operation. Now, they have determined that the same threat actor is leveraging the emerging Yanluowant ransomware in a series of attacks against US corporations. The researchers allegedly observed the ransomware being used in an attack against a large organization. They reported that the threat actor has been using the emerging ransomware to target US-based financial companies, as well as companies in the manufacturing, IT services, consulting, and engineering sectors. Symantec released a report on Tuesday detailing the attacks and ransowmare.
The link between Thieflock, a ransomware as a service tool, and Yanluowang has been described by Symantec as tentative. The former ransomware was developed by the Canthroid group, also known as Fivehands. The links demonstrate how there is little loyalty or comradeship between ransomware actors, particularly between those who act as affiliates of RaaS operations, according to Symantec.