
YKUP Ransomware

Malware researchers have spotted a brand-new copy of the infamous Dharma Ransomware. The Dharma Ransomware family was the second most active ransomware family in 2019. This new variant of the notorious Dharma Ransomware is called the YKUP Ransomware.

Propagation and Encryption

Malware analysts are not fully certain which propagation method the creators of the YKUP Ransomware use. It is likely that they are utilizing malvertising campaigns, bogus software downloads and updates, spam emails containing macro-laced attachments, torrent trackers, or other shady tricks to distribute the YKUP Ransomware. The YKUP Ransomware is likely targeting a wide variety of filetypes. Rest assured that all your images, audio files, documents, spreadsheets, archives, databases, videos, presentations, and other common filetypes will be locked by the YKUP Ransomware swiftly. This ransomware threat uses a secure encryption algorithm to encrypt all the targeted files. The files locked by the YKUP Ransomware will have their names changed. The YKUP Ransomware appends a '.id-.[]. YKUP' extension at the end of the filenames. Every affected user will have a unique victim ID generated for them. This helps the attackers differentiate between their victims.

The Ransom Note

Just like most variants of the Dharma Ransomware, the YKUP Ransomware delivers its ransom message in files named 'FILES ENCRYPTED.txt' and 'info.hta'. In the ransom message, the attackers avoid specifying the sum of the ransom fee. However, users who would like to get more information regarding the attack are required to contact the attackers via email – ‘'

There is no point in contacting the authors of the YKUP Ransomware as they may not provide a decryption tool even if you pay the ransom fee. Instead, you should consider obtaining a reputable anti-virus application that will rid you of the YKUP Ransomware for good.
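The renamed-file extension and the two ransom note names described above are enough to scope an incident from a plain file listing. The following is an added example, not code from the original article: the `triage` function, the regular expression and the sample listing are constructed here, and the two fields that appear blank in the article's copy of the extension are assumed to hold any non-empty value.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Shape from the article: <original name>.id-<victim ID>.[<contact>].YKUP
# Both fields are blank in the article's copy of the extension, so any
# non-empty value is accepted for them (assumption).
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]+)\.\[(?P<contact>[^\]]+)\]\.\s*YKUP$",
    re.IGNORECASE,
)
# Ransom note file names given in the article.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}


def triage(paths):
    """Split a file listing into renamed files (grouped by victim ID) and ransom notes."""
    locked = defaultdict(list)
    notes = []
    for raw in paths:
        path = PureWindowsPath(raw)
        if path.name.lower() in NOTE_NAMES:
            notes.append(raw)
            continue
        match = LOCKED_RE.match(path.name)
        if match:
            # Record the pre-rename path so it can be checked against backups.
            locked[match.group("victim_id")].append(str(path.parent / match.group("original")))
    return {"locked": dict(locked), "notes": notes}


# Constructed listing: the ID and the address are placeholders, not real indicators.
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.id-CONSTRUCTED01.[contact@example.invalid].YKUP",
    r"C:\Users\a\Pictures\scan.png.id-CONSTRUCTED01.[contact@example.invalid].ykup",
    r"C:\Users\a\Documents\budget.xlsx",
    r"C:\Users\a\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\a\Desktop\info.hta",
    r"C:\Users\a\Documents\notes.YKUP",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for victim_id, originals in result["locked"].items():
        print(f"victim ID {victim_id}: {len(originals)} renamed file(s)")
        for original in originals:
            print("  was:", original)
    print("ransom notes:", result["notes"])
```

Grouping by victim ID shows whether one listing covers more than one infection, and the recovered original paths give the list of files to restore from backup.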

