Free Yanlouwang decryptor released, after flaw found in ransomware code

Free Yanlouwang decryptor released, after flaw found in ransomware code

Security researchers at Kaspersky have released a free decryption tool that promises to recover files for organisations hit by the Yanlouwang ransomware, meaning they don’t have to pay the ransom.

The boffins at the Russian security outfit say that they found a vulnerability in Yanlouwang’s encryption algorithm which means that it is possible for companies to decrypt and recover files without giving in to their extortionists.

Yanlouwang, which is named after a Chinese deity, first emerged in late 2021 – encrypting files in highly-targeted attacks against organisations, and exfiltrating data from networks.

Sign up to our free newsletter.
Security news, advice, and tips.

In a ransom note left for its victims, the Yanlouwang ransomware told companies not to contact law enforcement agencies or attempt to decrypt their data themselves, threatening to launch denial-of-service attacks, contact business partners, and breach systems once more in order to delete all data.

Yanlouwang ransom note

Kaspersky says that its decryption tool requires access to at least one of your original files.

Of course, Kaspersky’s free decryption tool may get you your files back but it doesn’t prevent them having been stolen, and potentially offered for sale to other criminals or published on the web.

Furthermore, recovering access to your data doesn’t plug any security holes that the attackers may have exploited in the first place to infiltrate your business.

With Russian’s invasion of Ukraine, and heightened geo-political tensions, Kaspersky has undoubtedly been having problems convincing businesses to trust its security software. But if you find yourself with your data scrambled by ransomware, I wouldn’t blame you for seeking help wherever you can find it.

Download Kaspersy’s decryption tool here.

It should go without saying, but doesn’t, that you should back up your important data (even if encrypted) before running any decryption tool.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.