
YourRansom Ransomware

Posted: February 6, 2017

The YourRansom Ransomware is a Trojan written in the Go programming language that can encrypt your files, change their extensions and create text messages that, in theory, explain how to recover your data. Many decryption services promoted by remote attackers aren't necessarily reliable, and keeping backups can prevent you from needing to take risks with a file-decoding solution. Any PC with adequate anti-malware protection should also have few issues with deleting the YourRansom Ransomware when it tries to install itself.

Freeware Trojans for Costly Data Attacks

Just as wellsprings are responsible for rivers, open-source code is one of the recurring fonts of new software, including Trojans. One problematic campaign is traceable back to a Chinese project that its author offers for perusal on GitHub. Within a month, another threat actor took advantage of the example program to create the YourRansom Ransomware, an English-targeting Trojan whose file-locking attacks may be irreversible.

Many of the variants of file-encoding Trojans that malware experts identify are low-effort clones that modify an extension or a ransom address without touching the internal code to any real degree. However, the YourRansom Ransomware is not such a copycat, and its author appears to have made significant changes, resulting in behavioral differences that hurt the victim's ability to access the decryptor. Overall, its features include:

  • Although the YourRansom Ransomware ignores files in 'sensitive' locations, such as the Windows folder, it scans most other directories for formats such as DOC, MPG, TXT or ZIP and encrypts these files automatically. Unlike the various file-encrypting Trojans deployed against such targets as mid-sized businesses, the YourRansom Ransomware also displays a visible window while the encryption function runs, which could help you identify and terminate it before it finishes.
  • The Trojan places a '.youransom' extension at the end of each filename affected by the previous attack without removing any first extension (for example: 'picture.gif.youransom').
  • The YourRansom Ransomware creates a simple Notepad 'ransom' message for contacting its author for help along with a file that stores the encryption key. Unlike the original version of the program, malware analysts can confirm that the YourRansom Ransomware doesn't save the code for decryption locally or transfer it to a remote C&C server. Without the second code, data recovery by decryption is impossible.

Your Best Way out of a YourRansom Ransomware Issue

In theory, a remote attacker could offer a data-decoding service for anyone affected by the attacks of their file-encrypting Trojans, although the practical reality of recovery chances may be less than ideal. In the case of the YourRansom Ransomware, the lack of local or network-based saving of the pertinent unlocking data means that the author must keep the decryption key hard-coded and in his possession preemptively. In any scenario where that's not the case, or he fails to offer the code, the victim will be unable to restore any files without using a traditional backup.
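Because the Trojan appends '.youransom' without removing the first extension, the original filename can be recovered from each locked file and matched against a backup. The following is an added example, not code from the original article or from the Trojan's source project: it lists affected files and reports which ones have a copy in a backup tree. The function names, the sample tree and the assumption that the backup mirrors the live folder layout are hypothetical.

```python
import os
import tempfile
from collections import Counter

MARKER = ".youransom"  # extension the article says is appended to locked files


def scope_damage(affected_root, backup_root):
    """Find files carrying the appended marker and check the backup tree
    (assumed to mirror the live tree) for a copy under the original name."""
    restorable, lost, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[:-len(MARKER)]  # picture.gif.youransom -> picture.gif
            if not original:
                continue  # a file named only ".youransom" has no original name
            rel = os.path.relpath(os.path.join(dirpath, original), affected_root)
            ext = os.path.splitext(original)[1].lower() or "(none)"
            by_type[ext] += 1
            in_backup = os.path.isfile(os.path.join(backup_root, rel))
            (restorable if in_backup else lost).append(rel)
    return {"restorable": sorted(restorable), "lost": sorted(lost),
            "by_type": dict(by_type)}


def demo():
    """Build a constructed sample tree (empty files) and return its report."""
    sample = ["live/docs/report.doc.youransom", "live/docs/notes.txt",
              "live/media/clip.mpg.youransom", "live/picture.gif.youransom",
              "backup/docs/report.doc", "backup/picture.gif"]
    with tempfile.TemporaryDirectory() as tmp:
        for path in sample:
            full = os.path.join(tmp, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "wb").close()
        return scope_damage(os.path.join(tmp, "live"), os.path.join(tmp, "backup"))


if __name__ == "__main__":
    report = demo()
    print("restorable from backup:", report["restorable"])
    print("no backup copy found:  ", report["lost"])
    print("affected by type:      ", report["by_type"])
```

A match only shows that a file with the same relative path exists in the backup; whether that copy is current still has to be checked before restoring.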

The YourRansom Ransomware isn't in large-scale deployment, and malware experts judge it improbable that the threat is intended for compromising financially-meaningful targets. Small-scale Trojans of the YourRansom Ransomware's type sometimes bundle themselves with free downloads or disguise their installers as cracks or other, equally illicit software. Any anti-malware product capable of identifying similar threats should also remove the YourRansom Ransomware without problems; copying your files to an external server also guarantees that they suffer no extra damage.

If being generous, one could describe the YourRansom Ransomware as being either 'educational' or 'just a joke.' On the other hand, a joke from one perspective can be long-term file problems from another point of view, which is why saving spares to another device is so valuable to the rest of the PC community.
