Yakes Ransomware

The Yakes Ransomware is an encryption ransomware Trojan that is used to take the computer users' files captive and then demands the payment of a ransom. The Yakes Ransomware is similar to another popular ransomware Trojan named Salam!' The Yakes Ransomware scans the victim's computers for files with specific extensions and then encrypts them. Variants of the Yakes Ransomware will change the encrypted files' extensions to '.KEYH0LES' – changing the encrypted files' extension is a common trait of these infections. The Yakes Ransomware will then display a ransom note on the victim's computer that may take the form of text or HTML files dropped in directories that contained files that were encrypted.

Unfolding the Yakes Ransomware Infection's Stages

The Yakes Ransomware creates texts files with the date followed by the string 'INFECTION.TXT,' so a file could be named something like 3-13-2016-INFECTION.TXT if it was created on March 13th. These files are dropped in every folder where the Yakes Ransomware has encrypted files. This text file contains instructions on how to decrypt the files by paying the ransom and a threatening language letting the victim know of the attack. To decrypt files encrypted with the Yakes Ransomware, this text files instructs computer users to contact the con artists using BitMessage and provide a specific ID number. These messages take quite a while to be sent and received. After establishing contact, the con artists demand an enormous ransom that is around four BitCoins (which is near $2000 USD at the current average exchange rate). Most encryption ransomware threats demand a payment that is between 0.5 and 1.5 BitCoin. It may be impossible to restore files that have been encrypted using the Yakes Ransomware without access to the decryption key currently. Invariably, the best solution to a Yakes Ransomware infection is to restore the files from a backup copy.

How Infected PC Users Should Deal with the Yakes Ransomware

There are now countless versions of ransomware threats similar to the Yakes Ransomware, in large part due to the rise of the RaaS (Ransomware as a Service) industry, where con artists offer these ransomware threats to third parties that can customize and distribute them. The Yakes Ransomware may enter a computer without alerting the computer user, often distributed using corrupted email messages. Paying the Yakes Ransomware ransom is not a good idea; you have absolutely no guarantee that con artists will keep their word and restore your files after you pay the enormous ransom amount. Having a good backup solution on an external device or the cloud will cost a fraction of most ransom payments – certainly of this one – and provides a simple way to recover from these attacks, which are becoming ever more frequent.

The following is the ransom note used by the Yakes Ransomware in its text files, HTML files, and Desktop wallpaper image:

YourID: -
PC: -
USER: -
*********
Hi there

P.S. WARNING!!!!! Don't delete this file: 427047.txt

The following are the file extensions that are targeted by the Yakes Ransomware attack:

.3ds, .4db, .4DD, .7z, .7zip, .accdb, .accdt, .aep, .aes, .ai, .arj, .axx, .bak, .bpw, .cdr, Cer, .crp , .crt, .csv, .db, .dbf, .dbx, .der, .doc, .docm, .docx, .dot, .dotm, .dotx, .dwfx, .dwg, .dwk, .dxf,. eml, eml, .fdb, .gdb, .gho, .gpg, .gxk, .hid, .idx, .ifx, .iso, .kdb, .kdbx, .key, .ksd, .max, .mdb, .mdf, .mpd, .mpp, .myo, .nba, .nbf, nsf, .nv2, .odb, .odp, ods, odt, .ofx, p12, .pdb, .pdf, .pfx , .pgp, .ppj, pps, .ppsx, .ppt, .pptx, .prproj, .psd, .psw, .qba, .qbb, .QBO, .QBW, .qfx, .qif, .rar,. raw, rpt, .rtf, .saj, .sdc, .sdf, .sko, .sql, .sqllite, .sxc, .tar, .tax, .tbl, tib, .txt, .wdb, .xls, .xlsm, .xlsx, .xml, .zip.