
YOLO Ransomware

Posted: February 1, 2019

The YOLO Ransomware is a variant of the Jigsaw Ransomware that can encrypt your files to block access to them and then delete them over time. Users should be careful about restarting their PCs without first disabling this threat, since it starts automatically and can trigger data erasures when it does. Most anti-malware programs should remove the YOLO Ransomware from your computer safely or block it on sight.

That's One Way to Turn a Movie into a Trash Fire

The Jigsaw Ransomware family, which accumulated an intimidating reputation for its file-deleting proclivities, has yet another variant in evidence. While the YOLO Ransomware displays a possible motive that's less threatening than that of other Jigsaw Ransomware revisions, like the Jigsaw-Dat Ransomware, the Jokers House Ransomware, the Invisible Empire Ransomware or the StrutterGear Ransomware, its attacks are equally damaging. The victims are unable to open their files while the Trojan forces them to view an intimidating pop-up and its ransom demands.

The YOLO Ransomware's file data suggests that its deployment began in early 2018. Its executable poses as a part of Windows, although, rather than the usual 'svchost,' the YOLO Ransomware imitates the Local Security Authority Process, or 'lsass.exe.' Malware analysts note that these credentials include fake Microsoft references.

The YOLO Ransomware retains the encryption features that readers can see in other Jigsaw Ransomware articles, which use an AES algorithm for locking text documents, pictures, databases and other media. The changes in the YOLO Ransomware include both a new extension of 'YOLO' and a different ransom message. The latter, instead of displaying the Saw movie's puppet, shows a burning trash container and unusual English text that asks for a ransom from a 'Blue Team' to the 'Red Team.'
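The two indicators described above (a process named 'lsass.exe' that is not the genuine Windows image, and files gaining the 'YOLO' extension) can be checked against endpoint telemetry. The following is an added example, not code from this article or from any vendor: the event record layout, host names, file paths and the three-file threshold are constructed for illustration, and it assumes a default system root of C:\Windows and that the extension is appended as the final suffix.

```python
import ntpath

# The genuine LSASS image lives in System32 (system root C:\Windows is assumed).
LEGIT_LSASS = ntpath.normcase(r"C:\Windows\System32\lsass.exe")
YOLO_EXT = ".yolo"  # the article gives the extension as 'YOLO'; matched case-insensitively


def is_fake_lsass(image_path):
    """True when a process is named lsass.exe but runs from an unexpected path."""
    norm = ntpath.normcase(ntpath.normpath(image_path))
    return ntpath.basename(norm) == "lsass.exe" and norm != LEGIT_LSASS


def triage(events, min_files=3):
    """Group process-start and file-create records by host and keep suspicious hosts."""
    findings = {}
    for ev in events:
        host = findings.setdefault(ev["host"], {"fake_lsass": [], "yolo_files": 0})
        if ev["type"] == "process_start" and is_fake_lsass(ev["path"]):
            host["fake_lsass"].append(ev["path"])
        elif ev["type"] == "file_create":
            if ntpath.splitext(ev["path"])[1].lower() == YOLO_EXT:
                host["yolo_files"] += 1
    # A lone *.YOLO file is weak evidence; a fake lsass.exe or a burst of files is not.
    return {
        name: data for name, data in findings.items()
        if data["fake_lsass"] or data["yolo_files"] >= min_files
    }


# Constructed sample telemetry (hypothetical hosts and paths, not from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process_start", "path": r"C:\Windows\System32\lsass.exe"},
    {"host": "ws-01", "type": "file_create", "path": r"C:\Users\b\Music\yolo-mix.yolo"},
    {"host": "ws-02", "type": "process_start", "path": r"c:\windows\system32\LSASS.EXE"},
    {"host": "ws-02", "type": "process_start", "path": r"C:\Users\Public\lsass.exe"},
    {"host": "ws-02", "type": "file_create", "path": r"C:\Users\a\Documents\report.docx.YOLO"},
    {"host": "ws-02", "type": "file_create", "path": r"C:\Users\a\Pictures\photo.jpg.YOLO"},
    {"host": "ws-02", "type": "file_create", "path": r"C:\Users\a\Documents\ledger.mdb.yolo"},
    {"host": "ws-02", "type": "file_create", "path": r"C:\Users\a\Documents\notes.txt"},
]

if __name__ == "__main__":
    for host, data in triage(SAMPLE_EVENTS).items():
        print(host, data)
```
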

Turning Off the Heat on the YOLO Ransomware

The 'Red Team' terminology, in cyber-security terms, can be a reference to specialists 'role-playing' the parts of threat actors using various anti-security techniques. However, including ransoms is unusual for these security practices, and, like any file-locking Trojan, the YOLO Ransomware is open to criminals exploiting its code for unintended purposes. The YOLO Ransomware, like the other members of the Jigsaw Ransomware family, can delete files whenever it restarts (such as after your PC reboots) or when its pop-up's timer hits zero.

Although its presence in the wild is indisputable, malware analysts require more data for connecting the YOLO Ransomware to its infection vectors. A file-locking Trojan can arrive through e-mail attachments, through browser-embedded scripts or through the abuse of torrent seeds. Anti-malware products of most reputable brands can delete the YOLO Ransomware and nearly all other versions of the Jigsaw Ransomware and are reliable means of uninstalling the threat.

The YOLO Ransomware may be another reason for backing up your files or just a playful remnant of a network security test. Either way, a Trojan so happy to erase your media is nothing to underestimate.
