"Yanluowang Ransomware Leaks Suggest Pseudo Chinese Persona, REvil Links"

Leaked chat data from the Yanluowang ransomware organization reveals a fake Chinese persona and possible connections to other ransomware organizations. Although Yanluowang is named after the Chinese and Buddhist mythological figure Yanluo Wang, the chat data revealed that those involved in the organization spoke Russian.

In February 2022, the group's most prominent member, operating under the alias 'Saint,' responded in a discussion about the arrests of former REvil members, claiming that five of the individuals in a linked news report were "former classmates." REvil is still active, but its reign over the ransomware landscape ended in 2021 as a result of a coordinated international law enforcement operation to arrest many of its core members. The remaining lower-level cybercriminals are suspected of having either remained with the organization or moved on to work for more lucrative rivals.

Many more messages in Russian were leaked, along with additional active aliases, including 'Killanas,' who was the second most active user in the organization after Saint. According to KELA's analysis, Killanas is believed to have played a role in code assignment management, alongside 'Felix' as a tester and 'Stealer' as another organization member. Chat logs between Felix and Stealer appeared to show that an ESXi version of Yanluowang ransomware was being developed. The leak also includes source code snippets from the ransomware locker program's builder and decryption processes, but the authenticity of these has yet to be verified. This article continues to discuss the leak of the Yanluowang ransomware organization's internal chat logs.

ITPro reports "Yanluowang Ransomware Leaks Suggest Pseudo Chinese Persona, REvil Links"
