
Yashma Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: May 13, 2022
Last Seen: October 6, 2022
OS(es) Affected: Windows

The Yashma Ransomware threat is a potent malware that can wreak havoc on the data stored on breached devices. However, when infosec experts analyzed this ransomware, they discovered that it is not entirely unique. In fact, the opposite is true: Yashma Ransomware appears to be yet another rebranding of the infamous Chaos Ransomware Builder. More specifically, Yashma is the 6th version of this threatening builder.

As such, the threat has retained the already expansive capabilities of its previous iteration. Yashma can encrypt large files (over 2MB) without compromising the data inside them. As for its encryption algorithm, the threat utilizes AES-256, making the restoration of the locked files without the necessary decryption keys practically impossible. Cybercriminals who wish to create their own variations of the threat can fine-tune numerous options in the builder. They can write custom ransom notes, set a new desktop wallpaper on the breached device, choose specific file extensions to be encrypted, propagate the threat over network connections, pick their own file extension to mark the encrypted files, disable the Task Manager and more.

Yashma's expanded functionality includes two major improvements. First, the threat can now be instructed to stop its execution when it is launched on systems from a specific location. The threat determines this by checking the default language of the device. This feature is often used by ransomware operators to stop their harmful creations from affecting users in their own country and potentially catching the attention of the local authorities.

The second feature found in Yashma is the threat's ability to stop various services running on the victim's device. According to a report by researchers from the BlackBerry Research & Intelligence Team, who analyzed the entire development history of the Chaos Ransomware Builder, Yashma mainly targets services associated with AV (anti-virus) solutions, as well as backup, vault and storage services.
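From a detection standpoint, the service-stopping behaviour described above leaves a recognisable trace: a burst of "service entered the stopped state" events (Windows System log, Event ID 7036) for security-, backup- and storage-related services within a few seconds of each other, which is unusual on a healthy workstation. The following script is an added example written for this page, not code from the BlackBerry report or from any product; it parses a constructed, simplified log excerpt (the service names and timestamps are invented for illustration, not indicators taken from the page) and raises an alert when several sensitive services are stopped inside a short window.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in a simplified Windows System-log style (Event ID 7036,
# "service entered the stopped state"). Service names are illustrative only and
# are NOT a list of services taken from the Yashma analysis.
SAMPLE_LOG = """\
2022-05-13T09:14:02 7036 Service 'Print Spooler' entered the stopped state.
2022-05-13T09:20:15 7036 Service 'Windows Update' entered the stopped state.
2022-05-13T11:02:01 7036 Service 'Acme Antivirus Engine' entered the stopped state.
2022-05-13T11:02:02 7036 Service 'Volume Shadow Copy' entered the stopped state.
2022-05-13T11:02:02 7036 Service 'Contoso Backup Agent' entered the stopped state.
2022-05-13T11:02:04 7036 Service 'Secure Vault Service' entered the stopped state.
2022-05-13T11:02:05 7036 Service 'Storage Tiers Management' entered the stopped state.
"""

LINE_RE = re.compile(
    r"^(\S+) (\d+) Service '([^']+)' entered the (\w+) state\.$"
)

# Categories the page says Yashma targets: AV, backup, vault and storage services.
# The keyword list is a detection heuristic chosen for this example.
SENSITIVE_RE = re.compile(
    r"antivirus|anti-virus|defender|endpoint|backup|vault|shadow copy|\bvss\b|storage",
    re.IGNORECASE,
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, event_id, service, state = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "service": service,
        "state": state,
    }


def sensitive_stops(log_text):
    """Return stop events (ID 7036) for services matching the sensitive categories."""
    events = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["event_id"] != 7036 or ev["state"] != "stopped":
            continue
        if SENSITIVE_RE.search(ev["service"]):
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_service_stop_burst(log_text, window_seconds=60, threshold=3):
    """Group sensitive service stops into bursts and alert on bursts >= threshold.

    A burst is a run of stop events whose timestamps all fall within
    window_seconds of the first event in the run. One alert is emitted per
    burst so that a single mass-stop is not reported once per service.
    """
    alerts = []
    burst = []
    for ev in sensitive_stops(log_text):
        if burst and ev["ts"] - burst[0]["ts"] > timedelta(seconds=window_seconds):
            if len(burst) >= threshold:
                alerts.append(_alert_from(burst))
            burst = []
        burst.append(ev)
    if len(burst) >= threshold:
        alerts.append(_alert_from(burst))
    return alerts


def _alert_from(burst):
    return {
        "start": burst[0]["ts"].isoformat(),
        "end": burst[-1]["ts"].isoformat(),
        "count": len(burst),
        "services": [e["service"] for e in burst],
        "reason": "multiple security/backup/storage services stopped in a short window",
    }


if __name__ == "__main__":
    for alert in detect_service_stop_burst(SAMPLE_LOG):
        print(alert)
```

The two routine stops early in the sample (Print Spooler, Windows Update) are ignored because they do not match a sensitive category, while the five stops between 11:02:01 and 11:02:05 are grouped into a single burst and produce one alert. In production the same logic would be fed from the real System log (for example via PowerShell's Get-WinEvent) and correlated with the parent process that issued the stops, since a legitimate maintenance window can also stop backup services, but rarely together with the anti-virus engine.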
