YouTube Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 1
First Seen: June 8, 2017
Last Seen: November 10, 2019
OS(es) Affected: Windows
The YouTube Ransomware is a lock screen ransomware Trojan that is similar to many police ransomware Trojans that were very popular nearly a decade ago. The YouTube Ransomware is designed to trick computer users into believing that they have broken the law, claiming that the authorities are blocking the victim’s computer until the victim pays a 'fine.' This is simply a variant of the lock screen ransomware tactic, which involves blocking access to the victim's computer and then demanding that the victim pays a ransom to recover access to the infected computer.
The YouTube Ransomware will Disable Various Windows Utilities
The YouTube Ransomware lock screen prevents victims from accessing their desktops on the infected computers. The YouTube Ransomware receives its name because the string 'YouTube Ransomware' appears as the program's name in its file's properties data. The YouTube Ransomware is very similar to numerous other ransomware Trojans, which function by limiting the victim's access to the infected computer. The YouTube Ransomware's executable file is named 'YouTube.exe' and may be delivered to the victim's computer through the use of corrupted email attachments. Apart from locking the victim's screen, the YouTube Ransomware will interfere with the victim's ability to recover from the attack. To do this, the YouTube Ransomware will disable the Windows utilities that could help computer users bypass or close the YouTube Ransomware window, including the Windows Task Manager, the Command Line, and the Registry Editor, as well as keyboard shortcuts. Without these in place, the victim has no choice but to read the YouTube Ransomware lock screen.
Understanding the YouTube Ransomware Tactic
The YouTube Ransomware displays a lock screen that mimics the YouTube Web page template. However, where the video player would appear, the YouTube Ransomware includes a text message that intimidates the victim and requests the payment of a ransom, keeping the computer blocked until a password is entered into the YouTube Ransomware lock screen. The YouTube Ransomware displays the following text on the infected computer:
You have violated the YouTube law!
Watching something copyrighted does not give you authorization to watch the content. Even if you never claimed to own the copyright or gave the copyrighted owner! watching these videos on YouTube may violate the copyright law! for that this computer will be blocked you cannot do anything! unless if you put in the password right Your computer will be set free to use and you will get another chance to use YouTube!
[TEXT BOX]
Note the poorly worded and misspelled message used in the YouTube Ransomware lock screen. It is clear that the people responsible for the YouTube Ransomware message are not native English speakers.
Dealing with the YouTube Ransomware Lock Screen
Fortunately, the YouTube Ransomware is not an encryption ransomware Trojan, which encrypts the victims' files and demands the payment of a ransom. Instead, simply entering a password will make the YouTube Ransomware lock screen go away. In the latest version of the YouTube Ransomware analyzed by PC security researchers, the password 'law725' should make the YouTube Ransomware lock screen disappear. However, it is not unlikely that the people responsible for the YouTube Ransomware will release an updated version that uses a different password or a more advanced removal method. The YouTube Ransomware lock screen can also be bypassed by using an alternate start-up method, such as Safe Mode, to prevent the YouTube Ransomware from loading automatically. After getting past the YouTube Ransomware lock screen with the password or an alternate start-up method, you will need to remove the YouTube Ransomware and its associated corrupted files for good. The safest way to do this is to use a reliable, fully updated anti-malware application. Following recommended online safety guidelines can prevent future infections.
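Once the lock screen is gone, the Task Manager, Command Line and Registry Editor described above may still be blocked. The following PowerShell check is an added example, not part of the original write-up or any vendor tool: it audits the current user's standard Windows policy values that disable those three utilities and can remove them. It assumes the restrictions were applied through these policy values, which the page does not confirm; the function names are hypothetical.

```powershell
# Added example. Assumption: the utilities were disabled through the standard
# per-user policy values below (the page does not state the mechanism).
# Only the current user's hive (HKCU) is inspected.
$PolicyChecks = @(
    @{ Tool = 'Task Manager'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr' },
    @{ Tool = 'Registry Editor'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools' },
    @{ Tool = 'Command Prompt'
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Name = 'DisableCMD' }
)

function Get-DisabledToolPolicy {
    # Emits one object per policy value that is present and non-zero.
    foreach ($check in $PolicyChecks) {
        $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # key or value absent: tool not restricted here
        $value = $item.($check.Name)
        if ($value -ne 0) {
            [pscustomobject]@{
                Tool  = $check.Tool
                Path  = $check.Path
                Name  = $check.Name
                Value = $value
            }
        }
    }
}

function Reset-DisabledToolPolicy {
    # Removes the policy value for each finding; honours -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)]$Finding)
    process {
        $target = '{0}\{1}' -f $Finding.Path, $Finding.Name
        if ($PSCmdlet.ShouldProcess($target, 'Remove policy value')) {
            Remove-ItemProperty -Path $Finding.Path -Name $Finding.Name
        }
    }
}

$findings = @(Get-DisabledToolPolicy)
$findings | Format-Table -AutoSize
# Preview the cleanup first, then rerun without -WhatIf:
# $findings | Reset-DisabledToolPolicy -WhatIf
```

On a domain-joined machine, confirm that a reported value was not set deliberately by Group Policy before removing it.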