Yanluowang ransomware gang
| Primary URL | Location | Industry | Technology |
|---|---|---|---|
| | Country: Russia | Undetermined | |
Profile
The Yanluowang ransomware gang is a cybercriminal organization that carries out ransomware attacks and extortion schemes. The group’s headquarters is located in Russia. It maintains an extortion site where it publishes data stolen from victims to coerce payment. The gang’s modus operandi involves encrypting target systems and threatening to release confidential information unless a ransom is paid. The source material does not specify the group's size, revenue, or particular industries targeted.
On October 31, 2022, the Yanluowang ransomware group experienced a breach of its extortion site. The breach resulted in the leak of approximately 2,700 internal chat messages covering several months. The leaked communications were primarily written in Russian. The messages disclosed details about the group's tactics, techniques, and procedures. They also indicated possible collaborations with other ransomware actors and gave insight into the gang's internal structure. Researchers who analyzed the leaked data provided useful intelligence to law enforcement and exposed operational security gaps. The incident likely hampered the gang's activities by revealing information that could be leveraged by defenders or rivals. No further quantitative data regarding the group's scale, financial gains, or victim count is presented in the supplied sources.
