We will continue to monitor events related to the Yanluowang ransomware and share any updates.

Strengthening defenses against ransomware

As new ransomware families continue to emerge, we foresee in our 2022 security predictions report that ransomware operators will use more modern and sophisticated methods of extortion. Moving forward, enterprises must therefore take extra care in applying preventive measures.

Enterprises would also benefit from establishing frameworks for ransomware defense. Here are some of the best practices that they can include in their frameworks:

  • Audit and take inventory of assets and data, authorized and unauthorized devices and software, and logs of events and incidents.
  • Configure and monitor hardware and software configurations, and only grant admin privileges and access when absolutely necessary to an employee's role.
  • Patch and update operating systems and applications, perform regular vulnerability assessments, and conduct patching or virtual patching for operating systems and applications.
  • Protect and recover essential information and files by enforcing stringent data protection, backup, and recovery measures.
  • Perform security skills assessment and training regularly and conduct red-team exercises and penetration tests.
  • Secure and defend systems by employing the latest version of security solutions across all layers of the system, including email, endpoint, web, and network.

Trend Micro Vision One™ offers multilayered protection and behavior detection, allowing ransomware to be detected and blocked early on, before it can do any real damage to the system. This is done by identifying questionable behavior that might otherwise seem benign when viewed from only a single layer.

Trend Micro Cloud One™ - Workload Security defends systems against both known and unknown threats that exploit vulnerabilities through techniques such as virtual patching and machine learning. It also leverages the latest in global threat intelligence to provide timely, real-time protection.

Trend Micro™ Deep Discovery™ Email Inspector employs custom sandboxing and advanced analysis techniques to effectively block ransomware before it gets into the system, blocking phishing emails that can be used by ransomware as entry points.

Trend Micro Apex One™ provides a closer inspection of endpoints through next-level automated threat detection and response against advanced concerns such as fileless threats and ransomware.

Indicators of Compromise (IoCs)

View the full list of IOCs here.

Disclaimer

Trend Micro Inc. published this content on 10 December 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 10 December 2021 17:11:09 UTC.