Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises.
Researchers from Symantec Threat Hunter Team discovered a ransomware family, tracked as Yanluowang ransomware that was used in highly targeted attacks against large enterprises.
The discovery is part of an investigation into a recent attempted ransomware attack against a large organization.
“The Threat Hunter Team first spotted suspicious use of AdFind, a legitimate command-line Active Directory query tool, on the victim organization’s network. This tool is often abused by ransomware attackers as a reconnaissance tool, as well as to equip the attackers with the resources that they need for lateral movement via Active Directory.” reads the analysis published by Symantec. “Just days after the suspicious AdFind activity was observed on the victim organization, the attackers attempted to deploy the Yanluowang ransomware.”
The researchers noticed the use of the legitimate AdFind command line Active Directory query tool that is often abused by ransomware operators as a reconnaissance
Read the article