Yoshikada Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 20
First Seen: January 31, 2018
Last Seen: August 15, 2019
OS(es) Affected: Windows
The Yoshikada Ransomware is an encryption ransomware Trojan. Several computer users have reported that the Yoshikada Ransomware encrypted their files in January 2018. The Yoshikada Ransomware carries out a typical version of these attacks, using a strong encryption algorithm to make the victim's files inaccessible and then demanding a ransom payment. According to the crooks, this ransom payment will buy the decryption key that the affected users need to restore their files.
The Yoshikada Ransomware Primarily Attacks Business Networks
The Yoshikada Ransomware can be distributed in a variety of ways, including corrupted email attachments and fake file downloads on file-sharing networks and other suspicious online sources. Like most encryption ransomware Trojans, the Yoshikada Ransomware uses strong encryption to make the victim's files inaccessible: it uses AES-256 and RSA-1024 encryption, so the files cannot be read by anyone except those who have the decryption key. In its attack, the Yoshikada Ransomware searches for and encrypts files with the following file extensions:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .exe, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The Yoshikada Ransomware will avoid certain directories (such as Windows or Program Files) so that the files in them remain accessible. This is because threats like the Yoshikada Ransomware need the victim's operating system and applications to stay functional enough for the ransom note to be displayed and for the victim to carry out a ransom payment.
The Yoshikada Ransomware’s Ransom Demands
The Yoshikada Ransomware will rename the files encrypted by the attack, adding the file extension 'crypted_yoshikada@cock_lu' to the end of each affected file's name. Victims of the attack are asked to contact the cybercrooks at the email address included in that file extension after the '_' symbol. The Yoshikada Ransomware delivers its ransom note in a text file named 'READ_ME.txt' that is dropped on the infected computer's desktop. In this note, victims are told to purchase a program named 'YOSHIKADA DECRYPTOR' to recover the affected files. Below is the full text of the Yoshikada Ransomware's ransom note:
'Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the original key recovery is impossible! To decrypt your files you need to buy the special software - "YOSHIKADA DECRYPTOR"
Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk. If you want to restore files, write us to the e-mail: yoshikada@cock.lu
In subject line write "encryption" and attach your personal ID in body of your message also attach to email 3 crypted files. (files have to be less than 10 MB) It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.'
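An added example, not part of the original write-up: a Python triage script that uses the two indicators described above (the 'crypted_yoshikada@cock_lu' suffix and a 'READ_ME.txt' note quoting the strings from the ransom text) to scope which directories and file types were hit, so restores from backup can be prioritized. The '.' separator before the suffix, the function names and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from collections import Counter
from pathlib import Path

MARKER = "crypted_yoshikada@cock_lu"   # suffix the page says is appended
NOTE_NAME = "read_me.txt"              # ransom note name, lowercased
NOTE_STRINGS = ("yoshikada decryptor", "yoshikada@cock.lu")  # from the note

def original_name(name):
    """Pre-encryption name, or None if the marker suffix is absent."""
    if not name.lower().endswith(MARKER):
        return None
    # Assumption: a '.' joins the old name and the marker; drop it if present.
    return name[:-len(MARKER)].rstrip(".")

def note_text_matches(path):
    """True if the file's text contains one of the ransom note's strings."""
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:  # unreadable or locked file: cannot confirm
        return False
    return any(s in text for s in NOTE_STRINGS)

def triage(root):
    """Count marked files per directory and original extension; list notes."""
    report = {"notes": [], "by_dir": Counter(), "by_ext": Counter()}
    files = [p for p in sorted(Path(root).rglob("*")) if p.is_file()]
    for path in files:
        orig = original_name(path.name)
        if orig is not None:
            report["by_dir"][path.parent.relative_to(root).as_posix()] += 1
            report["by_ext"][Path(orig).suffix.lower()] += 1
        elif path.name.lower() == NOTE_NAME and note_text_matches(path):
            report["notes"].append(path.relative_to(root).as_posix())
    return report

def demo():
    with tempfile.TemporaryDirectory() as root:
        sample = {  # constructed tree, not real victim data
            "Desktop/READ_ME.txt": "buy the special software - YOSHIKADA DECRYPTOR",
            "Docs/report.docx." + MARKER: "x",
            "Docs/budget.xlsx." + MARKER: "x",
            "Docs/READ_ME.txt": "build instructions",  # benign namesake
        }
        for rel, body in sample.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return triage(root)
```

Calling triage() on a mounted copy of an affected volume returns the same report structure that demo() produces for the sample tree; a 'READ_ME.txt' that does not contain the note's strings is not counted.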
Dealing with a Yoshikada Ransomware Infection
The Yoshikada Ransomware itself can be removed with the help of a reliable security program that is fully up-to-date. However, once the Yoshikada Ransomware encrypts a file, that file cannot be recovered without the decryption key. The cybercrooks will charge thousands of dollars via Bitcoin to restore the affected files, but frequently will not follow through. PC security researchers, therefore, strongly advise computer users to keep reliable backups, storing duplicates of their files on an independent memory device or by another safe method.