
Yatron Ransomware

By GoldSparrow in Ransomware

The Yatron Ransomware is an encryption ransomware Trojan that was first observed on March 9, 2019. It is operated as a RaaS (Ransomware as a Service): a platform that different criminals can lease to create their own custom versions of the Yatron Ransomware and carry out attacks with them. These variants all function in the same way, taking the victims' files hostage by encrypting them with a strong encryption algorithm and then demanding a ransom payment.

How the Yatron Ransomware Trojan Attacks a Computer

The Yatron Ransomware targets user-generated files across a wide variety of file types and encrypts them with a strong encryption algorithm. It marks each encrypted file by adding the file extension '.Yatron' to the file's name. However, since the Yatron Ransomware is part of a RaaS, it is likely that many variants are customized to use different file extensions and slightly different naming schemes and notifications in their attacks. The Yatron Ransomware generally targets the following file types:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
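For post-incident triage, the '.Yatron' marker described above can be used to inventory affected files and derive the original names to look up in backups. The Python below is an added example, not part of the original article: the function names, sample paths and shortened extension set are constructed, and the marker is a parameter because RaaS variants may use a different extension.

```python
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".Yatron"  # extension named in the article; variants may differ

# Constructed subset of the targeted extensions listed in the article.
TARGETED = {".jpg", ".docx", ".xlsx", ".pdf", ".sql", ".txt", ".zip"}

def classify(path, marker=MARKER):
    """Return (original_name, original_ext) for a marked file, else None."""
    name = PureWindowsPath(path).name
    # Windows file names are case-insensitive, so compare in lower case.
    if len(name) <= len(marker) or not name.lower().endswith(marker.lower()):
        return None
    original = name[: -len(marker)]
    return original, PureWindowsPath(original).suffix.lower()

def triage(paths, marker=MARKER, targeted=TARGETED):
    """Build a restore list and per-folder / per-type counts of marked files."""
    restore, by_dir, by_ext, unexpected = [], Counter(), Counter(), []
    for p in paths:
        hit = classify(p, marker)
        if hit is None:
            continue
        original, ext = hit
        parent = PureWindowsPath(p).parent
        restore.append(str(parent / original))  # name to look up in backup
        by_dir[str(parent)] += 1
        by_ext[ext] += 1
        if ext not in targeted:
            # Outside the known target list: possible customised variant.
            unexpected.append(p)
    return {"restore": restore, "by_dir": by_dir,
            "by_ext": by_ext, "unexpected": unexpected}

# Constructed sample listing (e.g. saved output of `dir /s /b`), not real data.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.Yatron",
    r"C:\Users\ana\Documents\thesis.docx.Yatron",
    r"C:\Users\ana\Pictures\trip.JPG.yatron",
    r"C:\Users\ana\Documents\notes.txt",
    r"C:\Users\ana\AppData\cache.bin.Yatron",
    r"C:\Users\ana\Desktop\.Yatron",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("restore:", report["restore"])
    print("by folder:", dict(report["by_dir"]))
    print("unexpected:", report["unexpected"])
```

Run it against a listing taken from a read-only copy of the affected volume, and pass the full extension list from the article as `targeted` for a complete check.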

The Yatron Ransomware's Ransom Demands

The Yatron Ransomware delivers its ransom note in the form of a program window named 'Your personal files are encrypted By Yatron' that contains the following text:

'Your personal files are encrypted By Yatron
Oops ,Your Files Have Been Encrypted
your important files are encrypted !
Your documents, photos, databases and Other personal files are encrypted ?
the files that you looked for not readable ?
We are the only ones who can decrypt your files Through the unique key.
what should I do for decrypting my files?
If you want to recover your files, you must purchase a the unique key
send 0.5 btc to the payment address : ***
Send us your ID after your payment
Email to contact us : yatron_Decryptor@mail.ru
As proof you can email us 2 files to decrypt and we will send you the recover files to prove that we can decrypt your files
---
you have 3 Days to pay or Your files will be deleted'

The victims of the Yatron Ransomware are asked to pay a ransom of 300 USD, which may change from one variant to another. You shouldn't pay these ransoms; paying helps support these attacks and can expose you to additional threats. The best protection against threats like the Yatron Ransomware is to have file backups stored on external memory devices.
