
'.yum File Extension' Ransomware

Posted: March 13, 2019

The '.yum File Extension' Ransomware is a file-locker Trojan that uses encryption for stopping documents and similar media from opening. These attacks may coincide with pop-ups, changes to your desktop's wallpaper, the removal of default backups or the disabling of essential security and repair features. Let your anti-malware software remove the '.yum File Extension' Ransomware as soon as possible before proceeding with any data restoration, such as recovering from non-local backups.

The Not-So-Yummy Changes in Your Files

A file-locking Trojan that doesn't match up with families with significant activity, like the Scarab Ransomware, Hidden Tear, the Xorist Ransomware, or the Dharma Ransomware, is issuing attacks against users in Taiwan and, possibly, elsewhere. The '.yum File Extension' Ransomware is a Windows program that first uses encryption to block content and then delivers its demands for money. However, the instructions give neither a currency nor a quantity, leaving the price for any files up to speculation.

The encryption method that the '.yum File Extension' Ransomware uses for taking the files hostage isn't identifiable without additional samples, although it targets formats like GIF images and other media (documents, audio, movies, archives and so on). The filenames also acquire appended extensions from the '.yum File Extension' Ransomware's name – for instance, 'example.doc.yum' – before the Trojan creates its ransoming note. The latter is only a Notepad text file.
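For scoping the damage before restoring from backup, the renaming pattern described above ('example.doc.yum') can be inventoried with a read-only scan. The following is an added example, not code from the original article; the category map is an assumed grouping of the media types named above, and because the article gives no filename for the ransom note, every .txt file in an affected folder is reported only as a candidate for review.

```python
import os
from collections import Counter

LOCKED_SUFFIX = ".yum"  # appended extension described in the article

# Assumed grouping of the media types the article lists; extend as needed.
CATEGORIES = {
    "image": {".gif", ".jpg", ".png"},
    "document": {".doc", ".docx", ".pdf", ".xls"},
    "audio": {".mp3", ".wav"},
    "video": {".mp4", ".avi"},
    "archive": {".zip", ".rar", ".7z"},
}

def categorize(ext):
    """Map an inner extension such as '.doc' to a media category."""
    for name, exts in CATEGORIES.items():
        if ext in exts:
            return name
    return "other"

def inventory(root):
    """Walk root (read-only) and list files renamed to '<name>.<ext>.yum'."""
    locked, note_candidates = [], []
    for dirpath, _dirs, files in os.walk(root):
        hits = [f for f in files if f.lower().endswith(LOCKED_SUFFIX)]
        for f in hits:
            original = f[: -len(LOCKED_SUFFIX)]
            inner_ext = os.path.splitext(original)[1].lower()
            locked.append({
                "path": os.path.join(dirpath, f),
                "original_name": original,
                "category": categorize(inner_ext),
                # True when a clean copy already sits beside the locked one
                "restored": original in files,
            })
        if hits:
            # Heuristic (assumption): note filename is unknown, so list .txt files
            note_candidates += [os.path.join(dirpath, f)
                                for f in files if f.lower().endswith(".txt")]
    return sorted(locked, key=lambda e: e["path"]), sorted(note_candidates)

def summarize(locked):
    """Count locked files per category that still need restoring."""
    return Counter(e["category"] for e in locked if not e["restored"])
```

Run `inventory()` against a mounted copy of the affected volume after the Trojan has been removed, and use `summarize()` to see which categories still lack a restored original.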

The formatting of the '.yum File Extension' Ransomware's ransoming demands follows the standards of the average Ransomware-as-a-Service payload, and the Trojan may be part of a business operation that threat actors are renting to third parties. The '.yum File Extension' Ransomware offers e-mail addresses for negotiating over the unlocker that recovers your files, as well as a custom ID based on four blocks of Base64 values. However, unlike, for example, the Globe Ransomware, malware experts find that the '.yum File Extension' Ransomware's instructions make no offers of free or sample decryption assistance.

Returning to a Flavor of Media You're Comfortable Tasting

A member of a Russian research team suggests that the '.yum File Extension' Ransomware is a recent variant of the HC7 Planetary Ransomware, which is itself an update of the even older HC6 Ransomware. While malware experts can neither confirm nor deny this theory, the differences in the '.yum File Extension' Ransomware's extensions and ransoming messages make it likely that other, internal changes are also in effect. Users should never assume that free decryption is possible with any file-locker Trojan, even for a verified threat from a previously decrypted family.

Backing up your media to external storage or PCs will, as always, help with recovering any content that the '.yum File Extension' Ransomware holds for its ransoming negotiations. Effective protection against file-locking Trojans of most origins includes monitoring e-mail messages for possible attacks (such as a Word document with a macro exploit), avoiding weak passwords that criminals could brute-force, and disabling security-weak features like JavaScript while browsing the Web. Anti-malware products are typically capable of deleting the '.yum File Extension' Ransomware and threats of the same category without problems.

The '.yum File Extension' Ransomware may leave a bad taste in anyone's mouth, but only if they forget their cloud and removable device backup schedules. Whether it's a new flavor or the same old one with fresh branding, the '.yum File Extension' Ransomware's campaign preys mostly on those with self-inflicted problems.
