YYYYBJQOQDU Ransomware


By GoldSparrow in Ransomware

The YYYYBJQOQDU Ransomware is an encryption ransomware Trojan first observed on March 25, 2019. The YYYYBJQOQDU Ransomware attack changes the targeted files and marks them with the string YYYYBJQOQDU. It carries out a typical encryption ransomware attack, taking the victims' files hostage, and then asks the victim to pay a ransom to restore access to the encrypted data.

How Can You Get Infected by the YYYYBJQOQDU Ransomware

The YYYYBJQOQDU Ransomware typically uses AES and RSA encryption to make the victim's files completely inaccessible. It delivers its ransom note as a text file named 'YOUR FILES ARE ENCRYPTED.TXT', which is dropped on the infected computer's desktop once the victim's files have been compromised. It seems that most of the YYYYBJQOQDU Ransomware's intended victims are located in Eastern Asia, particularly in China and South Korea. The YYYYBJQOQDU Ransomware targets user-generated files with its encryption algorithm, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The YYYYBJQOQDU Ransomware delivers its ransom note in the text file 'YOUR FILES ARE ENCRYPTED.TXT,' which contains the following message for the victim:

'All your files, documents, photos, databases and other important files are encrypted and have the extension: .YYYYBJQOQDU

You are not able to decrypt it by yourself!
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email and decrypt one file for free.
But this file should be of not valuable!

Do you really want to restore your files?
Write to email

Your personal ID: [random characters]'

Dealing with a YYYYBJQOQDU Ransomware Infection

The YYYYBJQOQDU Ransomware may be a newcomer to the ransomware ecosystem, since it does not seem to have any obvious relationship to existing encryption ransomware Trojans. However, as with most encryption ransomware Trojans, dealing with the YYYYBJQOQDU Ransomware ideally involves restoring the encrypted files from backup copies. This is why keeping backup copies of all important data in safe storage is the best way to ensure that your data is protected from threats like the YYYYBJQOQDU Ransomware. Apart from file backups, computer users need to take steps to prevent YYYYBJQOQDU Ransomware attacks by being especially suspicious of email attachments from unsolicited sources (a typical way of distributing ransomware Trojans like the YYYYBJQOQDU Ransomware) and by installing a security program that is fully up-to-date.
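To scope a restore from backup as described above, the following added example (not part of the original article) inventories files carrying the .YYYYBJQOQDU extension and the 'YOUR FILES ARE ENCRYPTED.TXT' note, then lists the affected files that have no copy in a backup tree. The function names, the constructed sample tree, and the assumption that the marker is appended to the original file name are illustrative.

```python
import os
import tempfile
from collections import defaultdict

MARKER = ".yyyybjqoqdu"                      # extension named in the ransom note
NOTE_NAME = "your files are encrypted.txt"   # ransom note file name from the page

def triage(root):
    """Walk root and return (per-directory report, list of ransom note paths)."""
    report = defaultdict(lambda: {"marked": [], "clean": 0})
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(MARKER):
                # Assumption: the marker is appended to the original name, so
                # stripping it gives the name to look for in the backup set.
                report[dirpath]["marked"].append(name[: -len(MARKER)])
            else:
                report[dirpath]["clean"] += 1
    return dict(report), notes

def missing_from_backup(report, root, backup_root):
    """List marked files whose original name has no copy under backup_root."""
    missing = []
    for dirpath, info in report.items():
        rel = os.path.relpath(dirpath, root)
        for original in info["marked"]:
            if not os.path.isfile(os.path.join(backup_root, rel, original)):
                missing.append(os.path.normpath(os.path.join(rel, original)))
    return sorted(missing)

def build_sample(base):
    """Constructed sample tree: an affected profile plus a partial backup."""
    for p in ["live/Desktop/YOUR FILES ARE ENCRYPTED.TXT", "live/Docs/app.exe",
              "live/Docs/report.docx.YYYYBJQOQDU", "live/Docs/budget.xlsx.YYYYBJQOQDU",
              "backup/Docs/report.docx"]:
        full = os.path.join(base, *p.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return os.path.join(base, "live"), os.path.join(base, "backup")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        report, notes = triage(live)
        print(notes, missing_from_backup(report, live, backup))
```

Run it read-only against a mounted copy of the affected volume, so the inventory does not alter timestamps or contents on the original disk.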

