yG Ransomware

By GoldSparrow in Ransomware

Malware experts have detected a file-encrypting Trojan named yG Ransomware, which emerged recently. Upon more detailed inspection, it appeared that the yG Ransomware is, in fact, a new variant of the notorious data-locking Trojan Dharma Ransomware (also called the Crysis Ransomware). It is a popular practice among cybercriminals, instead of building a whole new piece of malware from scratch, to adapt a largely successful threat such as the Dharma Ransomware by changing its code only slightly. Some of them seem to live by the mantra 'work smart, not hard.'

It is not completely certain what propagation method the attackers employ; it is believed that they may be using fraudulent software updates, email campaigns or pirated media. When the yG Ransomware infects your PC, it begins the attack by performing a file scan. This way, the yG Ransomware identifies all the data it is going to encrypt. When the files have been identified, the yG Ransomware begins the encryption process and locks all the data of the targeted file types. After the encryption, the files have their names changed. The yG Ransomware, like other ransomware threats from the Dharma Ransomware family, follows a certain pattern when renaming the affected files, altering it only slightly depending on the version. In the case of the yG Ransomware, the pattern is as follows: '.id-.[sysadmin@mail.fr].yG.' Next, the yG Ransomware drops a ransom note notifying the victims of the current situation with their data. The authors of the yG Ransomware do not specify the sum they would like to receive from the victim. An email address is provided where the user can contact the individuals behind the yG Ransomware – sysadmin@mail.fr.

We would suggest you stay away from cyber crooks and not engage with them in any manner. They are known to trick users and will likely not provide you with the decryptor they promise. Instead, you should wipe your computer clean using a reputable security suite.
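
The rename pattern described above gives defenders a simple indicator for scoping which files were affected. The following is an added example, not part of the original article: it walks a directory tree, flags file names carrying the '.id-' ... '.[sysadmin@mail.fr].yG' marker, and recovers the original names. The function names and the sample tree are constructed for illustration, and because the page shows nothing between '.id-' and '.[', any characters are accepted there.

```python
import os
import re
import tempfile
from collections import Counter

# Marker as printed on the page: '.id-' ... '.[sysadmin@mail.fr].yG'.
# Assumptions: the page shows nothing between '.id-' and '.[', so any run of
# characters (including none) is accepted there, and the appended extension
# is taken to end at '.yG'.
# The greedy 'original' group anchors on the LAST '.id-' in the name, so a
# file whose own name already contains '.id-' is still split correctly.
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<id>[^\[\]]*)\.\[sysadmin@mail\.fr\]\.yG$"
)

def classify(name):
    """Return (original_name, id_field) if name carries the marker, else None."""
    m = MARKER.match(name)
    return (m.group("original"), m.group("id")) if m else None

def scan(root):
    """Walk root; return (hits, per-directory counts) for renamed files."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = classify(name)
            if parsed:
                hits.append((os.path.join(dirpath, name), *parsed))
                per_dir[dirpath] += 1
    return hits, per_dir

def demo():
    """Build a constructed sample tree and scan it (names and ID are made up)."""
    samples = (
        "docs/report.docx.id-CONSTRUCTED.[sysadmin@mail.fr].yG",
        "docs/notes.txt",  # untouched file, must not be flagged
        "photo.jpg.id-CONSTRUCTED.[sysadmin@mail.fr].yG",
    )
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in samples:
            open(os.path.join(root, *rel.split("/")), "w").close()
        hits, per_dir = scan(root)
        return sorted(h[1] for h in hits), sum(per_dir.values())

if __name__ == "__main__":
    originals, total = demo()
    print(f"{total} renamed files; original names: {originals}")
```

The per-directory counts returned by `scan` show where renamed files are concentrated, which helps decide which shares or folders to restore from backup first.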
