YobaCrypt Ransomware

YobaCrypt Ransomware Description

The YobaCrypt Ransomware is a brand-new ransomware threat. More and more cybercriminals try their luck in creating file-locking Trojans as they are often perceived as an easy way to generate some cash.

Propagation and Encryption

The exact infection vector used to propagate this new ransomware threat is not yet clear. Some malware researchers believe that fake application updates, pirated copies of legitimate software, and spam emails containing corrupted attachments may be some of the propagation methods used by the authors of the YobaCrypt Ransomware. Once it infiltrates a system, this data-encrypting Trojan briefly scans it to locate all the files that will be targeted for encryption. When this step is completed, the YobaCrypt Ransomware starts its encryption process. Every file locked by this ransomware threat has its name altered: the YobaCrypt Ransomware appends a ‘.[mr.yoba@aol.com].yoba’ extension to the end of the filename. For example, a file originally named ‘empty-summer.png’ will be renamed to ‘empty-summer.png.[mr.yoba@aol.com].yoba’.

The Ransom Note

Once the encryption process is complete, the YobaCrypt Ransomware drops its ransom note. The note is called ‘!=How_reocovery_files=!.txt’ and it reads:

'Hi!
Do you want decrypt files?
Send us this code:
SB3UqKR9yuBZn5Pxn4bU4m0tt8P7KfBfv+wosJHUjvd5xA51PDFeoyUaJB1CDxdIrO6XNrmyV6Ph/n/NSkUP14wgK/pd6UYAXY+AnWFoaCY7VpWEpP+8LrcCOHUkdznBbdfws7I7Ne4n1SvoVIIW//8ovYUGJeOVu56fnUCxdDZ768s1G91SvMHJdHlbe/tfoxm9QKipVnI6ucufjNJ8pSb3mX+K3VqbJ+O9cnnM6LUarDDgZdiKtbQPUEzkJ4abkAnw6QavdxS4pqmkWZVQrBJXIvvL6GV7wQ+ldoUA9BAxM+3+soR7KLHpHCt8jOHVRsBVgSnB6Qx10afnIXLPvg==
Email: mr.yoba@aol.com.'

The creators of the YobaCrypt Ransomware do not mention the ransom fee in their note. However, they provide an email address where the user is supposed to contact them, ‘mr.yoba@aol.com’.

We strongly advise against paying cybercriminals. Not only is it unlikely that they will provide you with a decryption tool, but they do not even offer proof that they have a decryption key in the first place. Instead, you should look for a reputable anti-virus solution, which will remove the YobaCrypt Ransomware from your system and keep you safe in the future.
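The file extension and ransom note name described above can be used to scope an infection before cleanup. The following read-only triage script is an added example, not part of the original description; the function names, the case-insensitive matching, and the use of file modification time as a rough indicator of when encryption began are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

# Indicators taken from the description above.
LOCKED_SUFFIX = ".[mr.yoba@aol.com].yoba"
NOTE_NAME = "!=How_reocovery_files=!.txt"


def triage(root):
    """Walk root and summarise YobaCrypt artefacts without modifying anything."""
    report = {"locked": [], "notes": [], "first_seen": None, "dirs": {}}
    earliest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()  # assumption: match case-insensitively
            if lower == NOTE_NAME.lower():
                report["notes"].append(path)
            elif lower.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                original = name[: -len(LOCKED_SUFFIX)]  # name before locking
                report["locked"].append((path, original))
                report["dirs"][dirpath] = report["dirs"].get(dirpath, 0) + 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable file: counted, but no timestamp
                earliest = mtime if earliest is None else min(earliest, mtime)
    if earliest is not None:  # assumption: mtime approximates encryption time
        report["first_seen"] = datetime.fromtimestamp(earliest, tz=timezone.utc)
    return report


def demo():
    """Build a constructed sample tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("empty-summer.png" + LOCKED_SUFFIX,
                     "report.docx" + LOCKED_SUFFIX.upper(),
                     "untouched.txt", NOTE_NAME):
            with open(os.path.join(docs, name), "w") as fh:
                fh.write("constructed sample\n")
        rep = triage(root)
        return (sorted(o for _p, o in rep["locked"]), len(rep["notes"]),
                list(rep["dirs"].values()), rep["first_seen"] is not None)


if __name__ == "__main__":
    print(demo())
```

Point `triage()` at a mounted copy or image of the affected volume; the per-directory counts show which shares or folders need restoring from backup.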