Yakes Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 1 |
First Seen: | May 2, 2016 |
Last Seen: | March 30, 2022 |
OS(es) Affected: | Windows |
The Yakes Ransomware is an encryption ransomware Trojan that is used to take the computer users' files captive and then demands the payment of a ransom. The Yakes Ransomware is similar to another popular ransomware Trojan named Salam!' The Yakes Ransomware scans the victim's computers for files with specific extensions and then encrypts them. Variants of the Yakes Ransomware will change the encrypted files' extensions to '.KEYH0LES' – changing the encrypted files' extension is a common trait of these infections. The Yakes Ransomware will then display a ransom note on the victim's computer that may take the form of text or HTML files dropped in directories that contained files that were encrypted.
Unfolding the Yakes Ransomware Infection's Stages
The Yakes Ransomware creates texts files with the date followed by the string 'INFECTION.TXT,' so a file could be named something like 3-13-2016-INFECTION.TXT if it was created on March 13th. These files are dropped in every folder where the Yakes Ransomware has encrypted files. This text file contains instructions on how to decrypt the files by paying the ransom and a threatening language letting the victim know of the attack. To decrypt files encrypted with the Yakes Ransomware, this text files instructs computer users to contact the con artists using BitMessage and provide a specific ID number. These messages take quite a while to be sent and received. After establishing contact, the con artists demand an enormous ransom that is around four BitCoins (which is near $2000 USD at the current average exchange rate). Most encryption ransomware threats demand a payment that is between 0.5 and 1.5 BitCoin. It may be impossible to restore files that have been encrypted using the Yakes Ransomware without access to the decryption key currently. Invariably, the best solution to a Yakes Ransomware infection is to restore the files from a backup copy.
How Infected PC Users Should Deal with the Yakes Ransomware
There are now countless versions of ransomware threats similar to the Yakes Ransomware, in large part due to the rise of the RaaS (Ransomware as a Service) industry, where con artists offer these ransomware threats to third parties that can customize and distribute them. The Yakes Ransomware may enter a computer without alerting the computer user, often distributed using corrupted email messages. Paying the Yakes Ransomware ransom is not a good idea; you have absolutely no guarantee that con artists will keep their word and restore your files after you pay the enormous ransom amount. Having a good backup solution on an external device or the cloud will cost a fraction of most ransom payments – certainly of this one – and provides a simple way to recover from these attacks, which are becoming ever more frequent.
The following is the ransom note used by the Yakes Ransomware in its text files, HTML files, and Desktop wallpaper image:
YourID: -
PC: -
USER: -
*********
Hi there
Your files are now encrypted. I have the key to decrypt them back.
I will give you a decrypter if you pay me. Email me at:
momsbestfriend_@_protonmail.com or torrenttracker_@_india.com
If you don't get a reply or if both emails die, then contact me using a guaranteed, foolproof Bitmessage:
download it form here hxxps://github.com/mailchuck/PyBitmessage/releases/download/v0.5.8/Bitmessage-0.5.8.exe
Run it, click New Identity and then send me a message at BM-NBvzKEY8raDBKb9Gp1xZMRQpeU5svwg2
Just remember that Bitmessage is slow, it takes 5 minutes to send a message and 15 to get a reply.
Cheers
P.S. WARNING!!!!! Don't delete this file: 427047.txt
The following are the file extensions that are targeted by the Yakes Ransomware attack:
.3ds, .4db, .4DD, .7z, .7zip, .accdb, .accdt, .aep, .aes, .ai, .arj, .axx, .bak, .bpw, .cdr, Cer, .crp , .crt, .csv, .db, .dbf, .dbx, .der, .doc, .docm, .docx, .dot, .dotm, .dotx, .dwfx, .dwg, .dwk, .dxf,. eml, eml, .fdb, .gdb, .gho, .gpg, .gxk, .hid, .idx, .ifx, .iso, .kdb, .kdbx, .key, .ksd, .max, .mdb, .mdf, .mpd, .mpp, .myo, .nba, .nbf, nsf, .nv2, .odb, .odp, ods, odt, .ofx, p12, .pdb, .pdf, .pfx , .pgp, .ppj, pps, .ppsx, .ppt, .pptx, .prproj, .psd, .psw, .qba, .qbb, .QBO, .QBW, .qfx, .qif, .rar,. raw, rpt, .rtf, .saj, .sdc, .sdf, .sko, .sql, .sqllite, .sxc, .tar, .tax, .tbl, tib, .txt, .wdb, .xls, .xlsm, .xlsx, .xml, .zip.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.