YouTube Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: June 8, 2017
Last Seen: November 10, 2019
OS(es) Affected: Windows

The YouTube Ransomware is a lock screen ransomware Trojan that is similar to many police ransomware Trojans that were very popular nearly a decade ago. The YouTube Ransomware is designed to trick computer users into believing that they have broken the law, claiming that the authorities are blocking the victim’s computer until the victim pays a 'fine.' This is simply a variant of the lock screen ransomware tactic, which involves blocking access to the victim's computer and then demanding that the victim pays a ransom to recover access to the infected computer.

The YouTube Ransomware will Disable Various Windows Utilities

The YouTube Ransomware lock screen prevents victims from accessing the desktop on infected computers. The YouTube Ransomware receives its name because the string 'YouTube Ransomware' is given as its name in its file's properties data. The YouTube Ransomware is very similar to numerous other ransomware Trojans, which function by limiting the victim's access to the infected computer. The YouTube Ransomware's executable file is named 'YouTube.exe' and may be delivered to the victim's computer through the use of corrupted email attachments. Apart from locking the victim's screen, the YouTube Ransomware will interfere with the victim's ability to recover from the YouTube Ransomware attack. To do this, the YouTube Ransomware will disable the Windows utilities that could help computer users bypass or close the YouTube Ransomware window, including the Windows Task Manager, the Command Line, and the Registry Editor, as well as keyboard shortcuts. Without these in place, the victim has no choice but to read the YouTube Ransomware lock screen.

Understanding the YouTube Ransomware Tactic

The YouTube Ransomware displays a lock screen that mimics the YouTube Web page template. However, where the video player would appear, the YouTube Ransomware shows a text message that intimidates the victim, requests the payment of a ransom, and states that the computer will stay blocked until a password is entered into the YouTube Ransomware lock screen. The YouTube Ransomware displays the following text on the infected computer:

You have violated the YouTube law!
Watching something copyrighted does not give you authorization to watch the content. Even if you never claimed to own the copyright or gave the copyrighted owner! watching these videos on YouTube may violate the copyright law! for that this computer will be blocked you cannot do anything! unless if you put in the password right Your computer will be set free to use and you will get another chance to use YouTube!

Note the poorly worded and misspelled message used in the YouTube Ransomware lock screen. It is clear that the people responsible for the YouTube Ransomware message are not native English speakers.

Dealing with the YouTube Ransomware Lock Screen

Fortunately, the YouTube Ransomware is not an encryption ransomware Trojan, which encrypts the victims' files and demands the payment of a ransom. Instead, simply entering a password will make the YouTube Ransomware lock screen go away. In the latest version of the YouTube Ransomware analyzed by PC security researchers, the password 'law725' should make the YouTube Ransomware lock screen disappear. However, it is not unlikely that the people responsible for the YouTube Ransomware will release an updated version that uses a different password or a more advanced removal method. The YouTube Ransomware lock screen can also be bypassed by using an alternate start-up method, such as Safe Mode, to prevent the YouTube Ransomware from loading automatically. After getting past the YouTube Ransomware lock screen with the password or an alternate start-up method, you will need to remove the YouTube Ransomware lock screen and its associated corrupted files for good. The safest way to do this is to use a reliable, fully updated anti-malware application. Following recommended online safety guidelines can prevent future infections.
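
A read-only PowerShell check for the tampering described above, to run once the desktop is reachable again through the password or Safe Mode. It is an added example, not part of the original analysis: the article does not say how the utilities are disabled or where 'YouTube.exe' is registered to start, so the policy values and Run keys below are assumptions based on the standard Windows locations.

```powershell
# Added example: audit only, changes nothing.
# Assumption: the utilities are blocked through the standard Windows policy
# values, and 'YouTube.exe' (the file name given in the article) starts from
# a Run/RunOnce key. The article confirms neither detail.
$policyChecks = @(
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';       Tool = 'Task Manager' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'; Tool = 'Registry Editor' },
    @{ Path = 'Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD';           Tool = 'Command Prompt' }
)
$runKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties that Get-ItemProperty adds to every result; not registry values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings = @()

foreach ($hive in 'HKCU:', 'HKLM:') {
    # 1. Policy values that block the recovery tools (any non-zero value blocks).
    foreach ($check in $policyChecks) {
        $key  = "$hive\$($check.Path)"
        $item = Get-ItemProperty -Path $key -Name $check.Name -ErrorAction SilentlyContinue
        if ($item -and $item.($check.Name) -ne 0) {
            $findings += [pscustomobject]@{
                Type = 'DisabledTool'; Key = $key; Name = $check.Name
                Value = $item.($check.Name); Note = "$($check.Tool) blocked by policy"
            }
        }
    }
    # 2. Autostart entries whose command line references YouTube.exe.
    foreach ($run in $runKeys) {
        $key   = "$hive\$run"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            if ("$($p.Value)" -match 'YouTube\.exe') {
                $findings += [pscustomobject]@{
                    Type = 'Autostart'; Key = $key; Name = $p.Name
                    Value = $p.Value; Note = 'Run entry references YouTube.exe'
                }
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No matching policy values or Run entries found.' }
else { $findings | Format-List }
```

An empty result does not mean the machine is clean, since a sample may block the tools or start itself some other way; the anti-malware scan recommended above is still required.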
