
Yatron Ransomware

Posted: March 18, 2019

The Yatron Ransomware is a file-locking Trojan that's a partial derivative of the Hidden Tear project. The Yatron Ransomware encrypts your files to lock them (using a modified version of Hidden Tear's encryption routine that isn't compatible with previous HT decryptors) and demands its ransom through a pop-up alert. Victims should implement appropriate security countermeasures to stop further attacks and use anti-malware products to remove the Yatron Ransomware before recovering their files from a backup.

Hidden Tear Gets Unhidden Aggressively

A new threat actor is so proud of his Ransomware-as-a-Service Trojan that he's promoting it not just to the criminal underground but to cyber-security researchers. The Yatron Ransomware is a significantly changed version of the 'Hidden Tear' freeware that uses a more secure encryption method and a pop-up not too different from the alerts of the Jigsaw Ransomware family. As usual, criminals can pay to use different versions of the Yatron Ransomware, although they only need an upfront, one-time fee of one hundred USD for lifetime usage.

The Yatron Ransomware first came to the attention of the cyber-security industry when its threat actor began tweeting promotional messages for it. Besides its traditional file-locking functionality, which AES-encrypts media and adds a 'Yatron' extension to file names, malware researchers are outlining other features that aren't as common among threats of the same classification. Many of these extras serve its circulation and include:

  • The Yatron Ransomware may use the NSA-created software exploits EternalBlue and DoublePulsar to compromise other Windows systems on the local network, although current builds leave the function incomplete.
  • The Yatron Ransomware auto-copies its executable to any P2P clients' folders, such as Kazaa's, which could make the compromised PC share it automatically.
  • The Yatron Ransomware includes a Jigsaw Ransomware-style attack that deletes the hostage documents, pictures, and other files once the three-day countdown in its pop-up hits zero.

There also is an uncorroborated claim that the Yatron Ransomware infects portable USB devices.
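Two of the behaviours above (mass renaming of files to the locked extension and dropping an executable into a P2P client's shared folder) leave traces in file-system audit logs that a defender can hunt for. The following is an added detection illustration written for this article, not code from the page or from the Trojan's author; it assumes the appended extension takes the form ".Yatron", uses a constructed Kazaa-style shared-folder path, and runs over a constructed sample of audit events.

```python
import re
from collections import defaultdict

# Assumed indicators (not taken from the article): the locked-file extension is
# ".Yatron", and a P2P client's shared folder is assumed to be named "My Shared Folder".
LOCKED_EXT = ".yatron"
P2P_SHARE_MARKERS = ("\\kazaa\\my shared folder\\",)

# Constructed sample audit log, one event per line: "<epoch> <pid> <ACTION> <path[ -> path]>"
SAMPLE_EVENTS = """\
1552900000 4120 RENAME C:\\Users\\bob\\Documents\\report.docx -> C:\\Users\\bob\\Documents\\report.docx.Yatron
1552900001 4120 RENAME C:\\Users\\bob\\Pictures\\family.jpg -> C:\\Users\\bob\\Pictures\\family.jpg.Yatron
1552900002 4120 RENAME C:\\Users\\bob\\Desktop\\notes.txt -> C:\\Users\\bob\\Desktop\\notes.txt.Yatron
1552900030 4120 CREATE C:\\Program Files\\Kazaa\\My Shared Folder\\setup.exe
1552900100 2231 RENAME C:\\Users\\bob\\Downloads\\old.zip -> C:\\Users\\bob\\Downloads\\archive.zip
1552900200 2231 CREATE C:\\Users\\bob\\Downloads\\song.mp3
"""

EVENT_RE = re.compile(r"^(\d+) (\d+) (RENAME|CREATE) (.+)$")

def parse_events(text):
    """Yield (timestamp, pid, action, src, dst) tuples; dst is None for CREATE events."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        ts, pid, action, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
        if action == "RENAME":
            parts = rest.split(" -> ", 1)
            if len(parts) != 2:
                continue  # a RENAME without a destination is unusable
            src, dst = parts[0].strip(), parts[1].strip()
        else:
            src, dst = rest.strip(), None
        yield ts, pid, action, src, dst

def analyze(text, burst_threshold=3, window=60):
    """Return a sorted list of (pid, finding) pairs for the two Yatron-style behaviours."""
    findings = set()
    lock_times = defaultdict(list)  # pid -> timestamps of renames to the locked extension
    for ts, pid, action, src, dst in parse_events(text):
        if action == "RENAME" and dst.lower().endswith(LOCKED_EXT):
            lock_times[pid].append(ts)
            # burst rule: at least burst_threshold locks by one process within `window` seconds
            recent = [t for t in lock_times[pid] if ts - t <= window]
            if len(recent) >= burst_threshold:
                findings.add((pid, "mass-rename to locked extension"))
        elif action == "CREATE" and src.lower().endswith(".exe"):
            # propagation rule: an executable written into a P2P client's shared folder
            if any(marker in src.lower() for marker in P2P_SHARE_MARKERS):
                findings.add((pid, "executable dropped into P2P shared folder"))
    return sorted(findings)
```

The burst threshold and window are tunable; raising the threshold trades earlier warning for fewer false positives from legitimate bulk renames.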

Stopping File-Ransoming Crimes When They're Starting

Many parts of the Yatron Ransomware's code are not yet complete, but its threat actor's social media efforts and enthusiasm suggest a reasonably high chance of all the above features working sooner or later. Even in its limited state, the Yatron Ransomware can encrypt most files on compromised Windows machines, and malware experts can't confirm whether a public decryptor will become available. Backing up work to a secure device is the best failsafe for recovering data after a file-locker Trojan's infection.

Users can protect their files by updating software to patch out exploits like EternalBlue, by being careful around e-mail messages carrying unknown links or attachments, and by using passwords that aren't subject to brute-forcing. The distribution strategies of a Ransomware-as-a-Service business are as flexible as its clients and may extend to techniques not covered in this article. However, most professional anti-malware products should delete the Yatron Ransomware automatically, as they do the original Hidden Tear.

The Yatron Ransomware's one-time price makes it clear that its author is less interested in seeing ransoms succeed than in convincing criminals to buy into his program. The fewer victims pay these ransoms, the less likely it is that new versions of Hidden Tear like the Yatron Ransomware will appear in the future.
