DETECTO/ThreatDossier
DashboardPricingThreatsRun Free ScanSign In
DETECTO/ThreatDossier

Security intelligence for MSPs, consultants, and businesses. Find breached credentials, compliance gaps, and exposed infrastructure before attackers do.

Product

  • Scan a Domain
  • Pricing
  • Dashboard
  • Sign In

Resources

  • Threat Intelligence
  • Ransomware Groups

Legal

  • Privacy Policy
  • Terms of Service

© 2026 DETECTO. All rights reserved.

Threats/Groups/Yanluowang

Yanluowang

Inactive

yanluowang

First seen: 2022-07-02 18:46:02.242140Total victims: 6

According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops services, and creates the README.txt file containing a ransom note. It appends the .yanluowang extension to filenames. Cybercriminals behind Yanluowang are targeting enterprise entities and organizations in the financial sector.Files encrypted by Yanluowang can be decrypted with this tool (it is possible to decrypt all files if the original file is larger than 3GB. If the original file is smaller than 3GB, then only smaller files can be decrypted).

0Total Victims
0Countries Targeted
0Sectors Targeted
0Avg Attacks/Month

Activity Timelinelast 24 months

Top Targeted Sectors

No sector data available

Top Targeted Countries

No country data available

Recent Victimsshowing 6 of 6

NameCountrySectorDate
Hot news straight from Cisco——2022-08-10 16:48:46.051826
Shorr.com leakage——2022-07-02 18:46:12.949629
Greetings to havi.com and tmsw.com——2022-07-02 18:46:09.788579
Big data dump from various organizations——2022-07-02 18:46:08.058597
Walmart was encrypted——2022-07-02 18:46:03.757313
Cincinnati bell didn’t pay the ransom——2022-07-02 18:46:02.242140

Data from ransomware.live