Yoqs Ransomware

Infosec researchers are continuing to find more and more ransomware variants based on the STOP/Djvu malware family. One such threat is the Yoqs Ransomware. Although there is little differentiating it from the rest of the variants of this family, Yoqs as a threat should not be underestimated. If deployed on a computer successfully, the malware will quickly execute an encryption routine that will go after the majority of the files stored on the breached device.

The victim's documents, PDFs, databases, archives, photos, images, etc., will be rendered completely inaccessible by the strong cryptographic algorithm used by the ransomware. As part of its intrusive actions, Yoqs renames every affected file by appending a new file extension, '.yoqs'. Once the threat has processed all targeted file types, it drops a ransom note on the infected system as a text file named '_readme.txt'.

Ransom Note's Overview

The details found in the instructions left by the Yoqs Ransomware are almost entirely identical to those found in other STOP/Djvu malware threats. Victims are reassured that their data can be restored, but to do that, they will need to pay the hackers $980. The attackers promise to send back a decryptor tool and the necessary decryption key in exchange for the ransom.

Affected users also have the opportunity to cut the demanded ransom in half, to $490. According to the note, the only requirement is to establish contact with the hackers within 72 hours of the ransomware infection. Victims can also send a single locked file to be decrypted for free. Yoqs' message mentions two email addresses that can be used as communication channels: 'support@sysmail.ch' and 'helprestoremanager@airmail.cc'.

The full text of the ransom note is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-veBR09KNyi
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@sysmail.ch

Reserve e-mail address to contact us:
helprestoremanager@airmail.cc

Your personal ID:'
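For responders scoping an infection, the indicators described above (the '.yoqs' extension, the '_readme.txt' note and the two contact addresses) can be turned into a read-only triage scan. The script below is an added example, not part of the original article; its function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article; all function names are this example's own.
ENCRYPTED_EXT = ".yoqs"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@sysmail.ch", "helprestoremanager@airmail.cc")

def is_yoqs_note(path, max_bytes=65536):
    """True if the file is named _readme.txt and mentions a contact address."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False  # unreadable file: cannot confirm, so do not count it
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root; return (renamed-file count per directory, sorted note paths)."""
    encrypted = Counter()
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted[dirpath] += 1
            elif is_yoqs_note(os.path.join(dirpath, name)):
                notes.append(os.path.join(dirpath, name))
    return encrypted, sorted(notes)

def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one benign _readme.txt."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.docx.yoqs", "photo.jpg.yoqs", "untouched.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("ATTENTION!\nsupport@sysmail.ch\n")
    os.makedirs(os.path.join(root, "proj"))
    with open(os.path.join(root, "proj", NOTE_NAME), "w") as fh:
        fh.write("Build instructions for this project.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, notes = triage(tmp)
        print(dict(hits), notes)
```

Matching on the note's content as well as its name keeps an unrelated '_readme.txt' (as in the constructed `proj` directory) from being reported as a ransom note.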
