YaKo Ransomware

The YaKo Ransomware is a piece of encrypting malware that belongs to the Xorist Ransomware family. Like any other ransomware threat, theYaKo Ransomware locks up files on the infected computer and then requires a ransom in exchange for a decryption key. The malware appends the ".Yako" extension to all encrypted files. A message that explains what has happened and demands the ransom is displayed in a pop-up window, as soon as the encryption process is complete. The YaKo Ransomware also changes the wallpaper and drops a text file named "HOW TO DECRYPT FILES.txt" into all compromised folders.

YaKo Ransomware's ransom note states that all user files have been encrypted, and the user needs to pay 0.1 BTC to recover the data. That amount in Bitcoin cryptocurrency is equal to about 1,100 USD at the current exchange rates. Victims also are commanded to contact the attackers at the email address yakomoko@protonmail.com as soon as they have collected the required BTC amount and transferred it to the provided crypto-coin wallet. Although the criminals promise to provide the victim with the decryption keys after they have completed all the necessary steps, they do not keep their promise in most cases. Users affected by ransomware rarely get their data back; instead, they are only left with substantial financial losses if they agree to pay the ransom

As with other ransomware threats from the Xorist Ransomware family, the YaKo Ransomware spreads through spam emails that contain infected attachments. Corrupted advertisements, torrent websites, "cracking" tools, and fake updates are also sources of harmful malware.