Home Malware Programs Ransomware YobaCrypt Ransomware

YobaCrypt Ransomware

Posted: August 14, 2019

The YobaCrypt Ransomware is a file-locking Trojan that can keep your media files from opening by encrypting them. Since encryption attacks are securable against third parties easily, users should maintain backups that give them an easy recovery option against infections. They also can protect their computers by keeping anti-malware products active for removing the YobaCrypt Ransomware as soon as they detect it.

Trojans Meming for Money

File-locking Trojans can take their inspiration from many sources. In the YobaCrypt Ransomware's case, the theme of its campaign correlates with Internet jokes popularized on Russian Web forums. While its name is Russia-specific, the YobaCrypt Ransomware's attacks – file-locking encryption – are threatening to anyone without proper file storage habits.

The YobaCrypt Ransomware's name, an acronym for a 'trollbait' meme referring to lowbrow gaming culture, is incorporated into its AOL address, which it uses for ransom negotiations. Before these negotiations commence, however, the YobaCrypt Ransomware encrypts digital media on the victim's computer, such as documents, pictures, audio and other formats of data. Malware experts can confirm the desktop location's targeting during this attack, although Windows folders like 'Downloads,' 'Music,' and 'Documents' also might be at risk.

The YobaCrypt Ransomware also creates a text message in an unknown location that carries its ransom demands. The YOBA-themed e-mail address is provided along with an ID number, and is in English, unlike some Russia-related Trojans like half of the Scarab Ransomware family. Internal data from the YobaCrypt Ransomware also refers to the program by the name of 'ferrlock,' a string that malware experts don't connect to any previously-analyzed Trojan campaigns.

Stopping a Punchline Based on Extortion

File-locking Trojans like the YobaCrypt Ransomware can demand ransoms with few to no refund options, such as via Bitcoins or another cryptocurrency, or prepaid vouchers. Malware experts always recommend that users check every possibility for retrieving their data without paying the ransom, first. Backing up work to a safe location previously provides the most efficient means of recovering any locked content, but some members of the cyber-security community, also, specialize in decrypting media affected by threats of this type.

No data is yet available connected the YobaCrypt Ransomware's samples to its ongoing distribution efforts. It is, however, circulating as an unsigned, Windows executable that's pretending that it's part of Windows (the 'sysutils' component). Windows users should avoid downloading their updates from unofficial sources, especially pop-ups from third-party sites. Currently, just over half of most AV vendors provide products capable of deleting the YobaCrypt Ransomware safely while scanning your computer.

The YobaCrypt Ransomware is laughing at the expense of PC owners who aren't backing their files up to USBs or the cloud. Like every other file-locking Trojan, its profits can accumulate only by helping it inadvertently – through not taking care of what's on your hard drive.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to YobaCrypt Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.