The infamous Yanluowang gang suffered a critical hit in a recent data breach as the group’s internal chats were leaked online. Yanluowang is a famous ransomware used by threat groups and criminals to extort money from victims. According to reports, the leaked conversations suggest that the group has members who speak Russian and might belong to the Russian region.
KELA, an Israel-based threat research company, disclosed the leak and decoded the conversations of the criminal organization from January through September 2022, with all communication occurring in Russian. Earlier, threat researchers believed that the Yanluowang gang could have been a part of the Chinese region. However, the leaked chats prove that the recent merger with Evil Corp has started changing opinions about the hacker collective.
Yanluowang ransomware gang leaked chats
According to the report by researchers, who reported the leaked chats, the group members used nicknames in the conversations, such as Saint, killanas, Thief, and Saint. Among these members, Saint is believed to be the group’s leader. The group members use aliases on different hacking forums and have been completely doxed, including their real names, social media accounts, and other details.
Reports suggest that the conversation exhibited that the threat group has existed since the fall of 2021 and has been developing new and more potent malware to target individuals and organizations. Upon further investigation, the group leader revealed they had earned at least a million dollars in 2022.
Online sources for the Yanluowang ransomware include screenshots containing the source code for the decryption process and the logs. According to Risky Business, this data release looks to have been the product of an attack. In addition to taking over the group’s internal chat server, the assailants compromised Yanluowang’s “escape site” on the dark web.
As per reports, the data leak site run by the gang was “defaced,” not “hacked.” There are several theories about who was responsible for the attack, ranging from the traditional one that it was a disgruntled former member of the group or an unidentified information security specialist to the conclusion that it was the Cisco security service taking revenge for the hack that happened in May.