
Yogynicof Ransomware

Posted: June 16, 2020

The Yogynicof Ransomware is a file-locking Trojan that is not part of any known family or Ransomware-as-a-Service. Its payload retains the conventional emphasis on blocking files with encryption for money, although it also strips the files' original names. Qualified vendors' anti-malware programs should identify and delete the Yogynicof Ransomware as a danger to your PC.

The Nameless Hostages in a File-Locking Campaign

File-locking Trojans keep to their observable patterns of behavior for understandable reasons. For instance, adding extension data, IDs, and e-mails to filenames helps victims quickly gather the information they need for making a ransom payment. Whether it's out of sloppiness or malice, some Trojans, like the Yogynicof Ransomware, don't adhere to these unspoken rules.

The Yogynicof Ransomware is a Windows Trojan that runs on the .NET Framework, similarly to the Turkish Zeronine Ransomware and April's Thana Ransomware. It locks files using an encryption routine that malware experts have yet to confirm as being secure. It targets digital media content, such as documents, in multiple folders throughout the PC. The first sign that the Yogynicof Ransomware is a semi-original program is its file-renaming feature, which erases the original name and replaces it with a number, starting with '1' and increasing incrementally.

While the name, or the absence of it, doesn't change anything about the encryption that stops a file from opening, the Yogynicof Ransomware's choice causes other issues. The missing extensions can prevent content from opening in its associated programs, such as documents in word processors. The renaming also keeps victims from quickly identifying the blocked content. However, the payload is just as monetarily-inclined as that of a typical Ransomware-as-a-Service or RaaS.
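The renaming behavior described above leaves a pattern that is easy to inventory during triage. The following Python sketch is an added example, not code from the original article or from any vendor: it lists folders holding several extensionless, all-digit filenames whose contents look encrypted. The function names, the entropy cutoff, and the minimum file count are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed thresholds (not from the article); tune for your environment.
ENTROPY_THRESHOLD = 7.0   # bits per byte
MIN_FILES = 3             # bare-number files per folder before reporting
SAMPLE_BYTES = 65536      # bytes read from the start of each file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed content."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def is_bare_number(name: str) -> bool:
    """True for names like '1' or '27': ASCII digits only, no extension."""
    return name.isascii() and name.isdigit()


def find_numbered_files(root: str) -> dict:
    """Map folder -> sorted [(number, entropy)] for bare-number, high-entropy files."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        found = []
        for name in filter(is_bare_number, files):
            try:
                with open(os.path.join(folder, name), "rb") as fh:
                    entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
            except OSError:
                continue  # locked or unreadable file: skip, keep scanning
            if entropy >= ENTROPY_THRESHOLD:
                found.append((int(name), round(entropy, 2)))
        if len(found) >= MIN_FILES:
            hits[folder] = sorted(found)
    return hits


if __name__ == "__main__":
    # Constructed sample tree: random bytes stand in for encrypted content.
    with tempfile.TemporaryDirectory() as root:
        for n in (1, 2, 3):
            with open(os.path.join(root, str(n)), "wb") as fh:
                fh.write(os.urandom(4096))
        print(find_numbered_files(root))
```

Because the article does not say whether the counter restarts in each folder, the scan reports any cluster of numbered files rather than requiring a run that begins at '1'.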

Peeling Back the Skin of What Looks Like a Software Hosting Provider

Samples available at this early stage imply that the Yogynicof Ransomware pretends to be an application related to GitHub, a free software development host. Since there isn't a signature or any other feature that would help the Yogynicof Ransomware evade detection, updated threat-detecting security products should be sufficient for blocking its installation. On their end, users should avoid unsafe download resources that are liable to lead to infections, including advertising pop-ups, torrents, and e-mail attachments.

The Yogynicof Ransomware asks for five hundred dollars in Monero in its HTML notes, but victims who pay are gambling on receiving a decryption service for recovering their files. Interestingly, it also creates duplicates of its message, which might be for distributing to different folders, even though no such behavior is present in current builds. In any case, paying the ransom is the last resort, and users should always have backups safely stored to keep their recovery from such attacks as affordable as possible.

Windows users can also protect their systems by installing anti-malware products and keeping their databases up-to-date.

No matter how big the RaaSes become, there's always room in the Dark Web for another file-locker Trojan. Even if the Yogynicof Ransomware doesn't make its Monero coins, it can cause file damage that outweighs hundreds of dollars in expenses.
