"Yanluowang Ransomware Tied to Thieflock Threat Actor"

Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research. Researchers at Symantec have found that a threat actor previously tied to the Thieflock ransomware may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations. The researchers found ties between Thieflock and Yanluowang, the latter of which they revealed in October after observing its use against a large organization. One of the researchers stated that the finding demonstrates how “little loyalty” there is among ransomware actors, particularly those who act as affiliates of RaaS operations. Since August, the researchers found that a threat actor has been using Yanluowang to target mainly financial companies in the United States. The actor also has attacked companies in the manufacturing, IT services, consultancy, and engineering sectors with the novel ransomware.

Threatpost reports: "Yanluowang Ransomware Tied to Thieflock Threat Actor"