Yashma Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 3
First Seen: May 13, 2022
Last Seen: October 6, 2022
OS(es) Affected: Windows
The Yashma Ransomware threat is a potent malware that can wreak havoc on the data stored on breached devices. However, when infosec experts analyzed this ransomware, they discovered that it is not entirely unique. In fact, the opposite is true: Yashma Ransomware appears to be yet another rebranding of the infamous Chaos Ransomware Builder. More specifically, Yashma is the sixth version of this threatening builder.
As such, the threat retains the already expansive capabilities of its previous iteration. Yashma can encrypt large files (over 2MB) without corrupting the data inside them. For its encryption algorithm, the threat utilizes AES-256, making restoration of the locked files without the necessary decryption keys practically impossible. Cybercriminals who wish to create their own variations of the threat can fine-tune multiple options in the builder: they can write custom ransom notes, set a new desktop wallpaper on the breached device, choose specific file extensions to be encrypted, propagate the threat over network connections, pick their own file extension to mark the encrypted files, disable the Task Manager, and more.
Yashma's expanded functionality consists of two major improvements. First, the threat can now be instructed to stop its execution when it is launched on systems from a specific location. The threat determines this by checking the default language of the device. This feature is often used by ransomware operators to stop their harmful creations from affecting users in their own country and potentially catching the attention of the local authorities.
The second new feature in Yashma is the ability to stop various services running on the victim's device. According to a report by researchers from the BlackBerry Research & Intelligence Team, who analyzed the entire development history of the Chaos Ransomware Builder, Yashma mainly targets services associated with AV (anti-virus) solutions, as well as backup, vault and storage services.
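The service-stopping behaviour described above is one of the more detectable things a Chaos-derived sample does on an endpoint. As an added example (not code from this page or from the BlackBerry report), the following Python heuristic groups service-stop and process-kill commands by the parent process that issued them and flags any process that hits several AV, backup, vault or storage services in a row; the log format, host names and service names are constructed, and the keyword list is an assumption a defender would tune to the products actually deployed.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events (hypothetical, not from the page or
# from any real incident). Format: "<timestamp> <host> <image> | <command line>".
SAMPLE_EVENTS = [
    "2022-05-13T10:00:01 ws01 C:\\Users\\u\\Downloads\\invoice.exe | net stop AcmeBackupSvc",
    "2022-05-13T10:00:01 ws01 C:\\Users\\u\\Downloads\\invoice.exe | sc stop ContosoVaultAgent",
    "2022-05-13T10:00:02 ws01 C:\\Users\\u\\Downloads\\invoice.exe | net stop ExampleAntivirusSvc",
    "2022-05-13T10:00:02 ws01 C:\\Users\\u\\Downloads\\invoice.exe | taskkill /F /IM storagesync.exe",
    "2022-05-13T11:15:40 ws02 C:\\Windows\\explorer.exe | net stop Spooler",
]

# Name fragments for the service categories the page says Yashma targets
# (AV, backup, vault, storage). Assumption: a defender tunes this list to the
# product names actually deployed in their environment.
TARGET_KEYWORDS = re.compile("antivirus|backup|vault|storage", re.I)

# Common Windows ways of stopping a service or killing a process; captures the
# service or image name that follows the verb.
STOP_CMD = re.compile(
    r"^(?:net\s+stop|sc\s+stop|taskkill(?:\s+/\w+)*?\s+/IM)\s+\"?([\w.\-]+)", re.I
)

def parse_event(line):
    """Split one sample line into its fields."""
    ts, host, rest = line.split(" ", 2)
    image, cmd = rest.split(" | ", 1)
    return {"ts": ts, "host": host, "image": image, "cmd": cmd}

def stopped_target(cmd):
    """Return the service/process name if cmd stops something in a target category."""
    m = STOP_CMD.match(cmd.strip())
    if not m:
        return None
    name = m.group(1)
    return name if TARGET_KEYWORDS.search(name) else None

def find_suspects(lines, threshold=3):
    """Group qualifying stop commands by (host, parent image) and return the
    groups that reach the threshold: one process stopping several protection
    or backup services, which is the pattern described in the text."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        name = stopped_target(ev["cmd"])
        if name:
            hits[(ev["host"], ev["image"])].append(name)
    return {key: names for key, names in hits.items() if len(names) >= threshold}
```

A single `net stop Spooler` from explorer.exe on ws02 is ignored, while the download-folder executable on ws01 stopping four protection-related services is reported; in production the grouping should also be bounded by a short time window.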