Kaspersky Lab has announced the release of a new free tool for decrypting files locked by encryption trojans.
According to the developers, the new tool restores access to files encrypted by the Yanluowang malware. The name refers to the Chinese deity Yanluo Wang, a judge in the world of the dead. The malware was discovered in October 2021 and has been used in attacks against companies in several countries, including the United States, Turkey, and Brazil.
During an attack, the operators run a file-encryption process that changes file extensions to .yanluowang. They then leave a ransom note threatening that if the victim goes to the police, all files on the infected device will be deleted, the company will be hit by a DDoS attack, and the file deletion attack will be repeated in a few weeks.
Kaspersky Lab experts analyzed the malware and found a vulnerability that allows files on an infected computer to be decrypted.
Kaspersky Lab cybersecurity expert Yanis Zinchenko explained:
“Yanluowang is not yet very widespread at this time, but it should not be underestimated. Cryptojackers continue to be one of the main cyber threats around the world, so it is important to join the efforts of cybersecurity experts to combat them. We are confident that the tool we developed will help companies attacked by Yanluowang.”