YourRansom Ransomware
Posted: February 6, 2017
| Threat Level: | 5/10 |
|---|---|
| Infected PCs: | 7 |
| First Seen: | February 6, 2017 |
| Last Seen: | October 21, 2022 |
| OS(es) Affected: | Windows |
The YourRansom Ransomware is a Trojan written in the Go programming language that can encrypt your files, change their extensions and create text messages that, in theory, explain how to recover your data. Many decryption services promoted by remote attackers aren't necessarily reliable, and keeping backups can prevent you from needing to take risks with a file-decoding solution. Any PCs with adequate anti-malware protection also should have few issues with deleting the YourRansom Ransomware when it tries to install itself.
Freeware Trojans for Costly Data Attacks
Just as wellsprings are responsible for rivers, open-source code is one of the recurring fonts of new software, including Trojans. One problematic campaign is traceable back to a Chinese project its author offers for perusal on GitHub. Within a month, another threat actor has taken advantage of the example program to create the YourRansom Ransomware, an English-targeting Trojan whose file-locking attacks may be irreversible.
Many of the variants of file-encoding Trojans that malware experts identify are low-effort clones that modify an extension or a ransom address without touching the internal code to any real degree. However, the YourRansom Ransomware is not such a copycat, and its author appears to have made significant changes, resulting in behavioral differences that hurt the victim's ability to access the decryptor. Overall, its features include:
- Although the YourRansom Ransomware ignores files in 'sensitive' locations, such as the Windows folder, it scans most other directories for formats such as DOC, MPG, TXT or ZIP. It encrypts these files automatically. Unlike the various file-encrypting Trojans deploying against such targets as mid-sized businesses, the YourRansom Ransomware also displays a visible window while the encryption function runs, which could help you identify and terminate it before it finishes.
- The Trojan places a '.youransom' extension at the end of each filename affected by the previous attack without removing any first extension (for example: 'picture.gif.youransom').
- The YourRansom Ransomware creates a simple Notepad 'ransom' message for contacting its author for help along with a file that stores the encryption key. Unlike the original version of the program, malware analysts can confirm that the YourRansom Ransomware doesn't save the code for decryption locally or transfer it to a remote C&C server. Without the second code, data recovery by decryption is impossible.
Your Best Way out of a YourRansom Ransomware Issue
In theory, a remote attacker could offer a data-decoding service for anyone affected by the attacks of their file-encrypting Trojans, although the practical reality of recovery chances may be less than ideal. In the case of the YourRansom Ransomware, the lack of local or network-based saving of the pertinent unlocking data means that the author must keep the decryption key hard-coded and in his possession preemptively. In any scenario where that's not the case, or he fails to offer the code, the victim will be unable to restore any files without using a traditional backup.
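For incident triage, the naming scheme described above (the '.youransom' suffix appended after the original extension) and the reliance on backups can be combined into an inventory of which locked files a backup can restore. This is an added example, not code from the original page or from the Trojan's source; the directory layout, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".youransom"  # appended extension described on this page


def original_name(name: str) -> str:
    """'picture.gif.youransom' -> 'picture.gif' (the first extension is kept)."""
    return name[: -len(MARKER)]


def triage(affected_root: Path, backup_root: Path) -> dict:
    """Split locked files into those a backup can restore and those it cannot."""
    report = {"restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            # Skip untouched files and a file named exactly '.youransom'.
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            locked = Path(dirpath) / name
            rel = locked.relative_to(affected_root).with_name(original_name(name))
            # Only a clean copy under its original name counts as a backup;
            # a backup taken after the attack may hold locked copies only.
            key = "restorable" if (backup_root / rel).is_file() else "no_backup"
            report[key].append(rel.as_posix())
    report["restorable"].sort()
    report["no_backup"].sort()
    return report


def demo() -> dict:
    """Build a constructed sample tree (not real victim data) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for p in ("docs/report.doc.youransom", "pics/picture.gif.youransom",
                  "docs/notes.txt"):
            (live / p).parent.mkdir(parents=True, exist_ok=True)
            (live / p).write_bytes(b"constructed sample")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.doc").write_bytes(b"constructed backup copy")
        return triage(live, backup)


if __name__ == "__main__":
    for status, names in demo().items():
        print(status, names)
```

The script only reads file names and never modifies the affected tree, so it can be run against a mounted copy of the disk before any cleanup.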
The YourRansom Ransomware isn't in large-scale deployment, and malware experts judge it as being improbable as a threat intended for compromising financially-meaningful targets. Small-scale Trojans of the YourRansom Ransomware's type sometimes bundle themselves with free downloads or disguise their installers as being cracks, or other, equally illicit software. Any anti-malware product capable of identifying similar threats also should remove the YourRansom Ransomware without problems; copying your files to an external server also guarantees that they suffer no extra damage.
If being generous, one could describe the YourRansom Ransomware as being either 'educational' or 'just a joke.' On the other hand, a joke from one perspective can be long-term file problems from another point of view, which is why saving spares to another device is so valuable to the rest of the PC community.