
Yoshikada Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 20
First Seen: January 31, 2018
Last Seen: August 15, 2019
OS(es) Affected: Windows

The Yoshikada Ransomware is an encryption ransomware Trojan. Several computer users reported that the Yoshikada Ransomware encrypted their files in January 2018. The Yoshikada Ransomware carries out a typical version of these attacks: it uses a strong encryption algorithm to make the victim's files inaccessible and then demands a ransom payment. According to the crooks, this payment buys the decryption key that the affected users need to restore their files.

The Yoshikada Ransomware Primarily Attacks Business Networks

The Yoshikada Ransomware can be distributed in a variety of ways, including corrupted email attachments and fake file downloads on file-sharing networks and other suspicious online sources. Like most encryption ransomware Trojans, the Yoshikada Ransomware uses strong encryption, in this case AES-256 and RSA-1024, to make the victim's files inaccessible to everyone except those who hold the decryption key. The Yoshikada Ransomware will search for and encrypt files with the following file extensions in its attack:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .exe, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Yoshikada Ransomware will avoid certain directories (such as Windows or Program Files) so that the files stored there remain accessible. This is because threats like the Yoshikada Ransomware require the victim's operating system and applications to remain functional enough to present a ransom note and let the victim carry out a ransom payment.

The Yoshikada Ransomware’s Ransom Demands

The Yoshikada Ransomware will rename the files encrypted by the attack, adding the file extension 'crypted_yoshikada@cock_lu' to the end of each affected file's name. Victims of the attack are asked to contact the cybercrooks at the email address included in that file extension after the '_' symbol. The Yoshikada Ransomware delivers its ransom note in a text file named 'READ_ME.txt' that is dropped on the infected computer's desktop. In this note, victims are told to purchase a program named 'YOSHIKADA DECRYPTOR' to recover the affected files. Below is the full text of the Yoshikada Ransomware's ransom note:

'Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the original key recovery is impossible! To decrypt your files you need to buy the special software - "YOSHIKADA DECRYPTOR"
Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk. If you want to restore files, write us to the e-mail:
In subject line write "encryption" and attach your personal ID in body of your message also attach to email 3 crypted files. (files have to be less than 10 MB) It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.'

Dealing with a Yoshikada Ransomware Infection

The Yoshikada Ransomware itself can be removed with the help of a reliable, fully up-to-date security program. However, once the Yoshikada Ransomware has encrypted a file, that file cannot be recovered without the decryption key. The cybercrooks will charge thousands of dollars in Bitcoin to restore the affected files, but frequently will not follow through. PC security researchers, therefore, strongly advise computer users to keep reliable backups, storing duplicates of their files on an independent memory device or by another safe method.
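
As an added example (not part of the original entry or of any vendor tool), the Python script below sweeps a directory tree for the two indicators described above, the appended 'crypted_yoshikada@cock_lu' extension and a 'READ_ME.txt' note containing 'YOSHIKADA DECRYPTOR', so a responder can scope which folders and file types need restoring from backup. It assumes the marker is appended to the full original file name; `triage` and `build_sample` are hypothetical names, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter

MARKER = "crypted_yoshikada@cock_lu"   # appended extension reported on this page
NOTE_NAME = "read_me.txt"              # ransom note file name reported on this page
NOTE_TEXT = "YOSHIKADA DECRYPTOR"      # phrase from the quoted ransom note

def triage(root):
    """Walk root and summarise Yoshikada indicators without modifying any file."""
    renamed, notes, by_dir, by_ext = [], [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(MARKER):
                renamed.append(path)
                by_dir[dirpath] += 1
                # Assumption: stripping marker and separator yields the original name.
                original = name[: -len(MARKER)].rstrip("._")
                by_ext[os.path.splitext(original)[1].lower()] += 1
            elif lower == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        if NOTE_TEXT in fh.read(65536).upper():
                            notes.append(path)
                except OSError:
                    pass  # unreadable file: skip rather than abort the sweep
    return {"renamed": renamed, "notes": notes, "by_dir": by_dir, "by_ext": by_ext}

def build_sample(root):
    """Constructed sample tree (not real victim data) for an offline run."""
    docs = os.path.join(root, "Users", "alice", "Documents")
    desk = os.path.join(root, "Users", "alice", "Desktop")
    os.makedirs(docs)
    os.makedirs(desk)
    for n in ("budget.xlsx." + MARKER, "notes.txt." + MARKER, "untouched.pdf"):
        open(os.path.join(docs, n), "wb").close()
    with open(os.path.join(desk, "READ_ME.txt"), "w") as fh:
        fh.write('you need to buy the special software - "YOSHIKADA DECRYPTOR"')
    with open(os.path.join(docs, "read_me.txt"), "w") as fh:
        fh.write("unrelated project readme")  # must not be flagged as a ransom note

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        print(len(report["renamed"]), "renamed files,", len(report["notes"]), "ransom notes")
        print(report["by_ext"].most_common())
```

The per-directory and per-extension counts show where encryption reached, which helps decide which backups to restore first.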

