Has Walmart Fallen Victim to a Yanluowang Ransomware Attack?

Walmart has allegedly been breached by the Yanluowang ransomware gang.

Hackers from the Yanluowang gang reportedly launched a ransomware attack against Walmart and claim to have encrypted thousands of computers.

According to the report, Walmart was the target of the attack. Walmart, however, denies the allegations that a data breach occurred.

Walmart has stated that its information security team monitors its systems around the clock and has determined that the claims are inaccurate.

Yanluowang Gang Attacks Walmart

The Yanluowang ransomware group claimed that they had carried out the attack more than a month ago and were successful in encrypting devices but were unable to steal any data.

However, on Monday, the malicious threat actors known as Yanluowang publicly exposed the data they have allegedly stolen on their data leak site.

According to BleepingComputer, "Kerberoasting is used by threat actors after they gain a foothold on a network to extract Windows service accounts and their hashed NTLM passwords."

After that, the actors crack the hashed passwords to recover the plain-text passwords, which are then used to gain higher privileges within the Windows domain.

The group claimed that they had broken into Walmart and encrypted between 40,000 and 50,000 different devices.

According to the site that leaked the data, the hackers encrypted the data on approximately 40-50 thousand Walmart computers and offered their assistance.

However, Walmart declined their assistance, and now the hackers are publishing the data.

The entry on the data leak site contains a number of files, all of which are said to display stolen information that was taken during the breach from Walmart's Windows domain.

The leaked data on the site reportedly contains Walmart's list of domain users, security certificates, the company's internal network, and more.

However, a spokesperson from Walmart confirmed to BleepingComputer that there were no successful attacks on their devices and the claims are inaccurate.

The hackers claim that as part of this attack, they demanded a ransom of $55 million from Walmart, but the company did not respond to their demand.

Who are the Yanluowang Gang?

According to SecureList, Yanluowang ransomware has only been around for a short while, and its name alludes to the Chinese deity Yanluo Wang, who is considered to be one of the Ten Kings of Hell.

Due to the obvious targeted nature of the ransomware, there has been a relatively low number of infections.

Threat actors have only prepared and carried out attacks against specific and chosen businesses and organizations. So far, Yanluowang has only deployed human-operated attacks that were specifically targeted.

As reported by Avertium, the group behind the operation has a great deal of experience with ransomware as a service (RaaS).

This also makes it possible that veteran RaaS groups such as Fivehands and Thieflock are connected to Yanluowang.

Despite the fact that the group's primary objective is to attack organizations operating in the financial sector, they have also targeted companies operating in the manufacturing, information technology (IT), consulting, and engineering industries.

SecureList by Kaspersky recommends that "it is important for a company to have a security solution that would enable instant response to such ransomware threats in order to avoid large financial losses."

The cybersecurity company added, "As usual in such cases, we would like to remind you that a comprehensive cybersecurity strategy is required to protect against this type of threat."

© 2024 iTech Post All rights reserved. Do not reproduce without permission.