
YYYYBJQOQDU Ransomware

Posted: March 26, 2019

The YYYYBJQOQDU Ransomware is a file-locking Trojan that stops your documents and other media from opening by encrypting them. Users can verify infections by searching for its extension of 'YYYYBJQOQDU' and the Notepad ransom note. However, rather than paying, victims should always recover from backups or seek a cyber-security specialist's opinion, and quarantine or delete the YYYYBJQOQDU Ransomware with a suitable anti-malware program.

A Ransoming Operation Over Free E-mail Strikes Again

Another file-locking Trojan that's using the Cock.li e-mail host is launching attacks against Chinese residents who are running, as per the norm, Windows PCs. The YYYYBJQOQDU Ransomware's ransoming infrastructure is similar to that of the 'cryptor55@cock.li' Ransomware or the 'prusa@rape.lol' Ransomware, among other examples, but malware researchers can't verify any relationships. The YYYYBJQOQDU Ransomware may be independent, and it offers few clues for determining the exploits that install it.

The YYYYBJQOQDU Ransomware encrypts the infected PC's files, including not just 'normal' media formats, like documents or images, but also HTML Web pages, to hold them hostage. The only notable change it makes to the names of the affected data is an added extension of 'YYYYBJQOQDU,' which is traditional behavior for most file-locking Trojans. Users should still be able to identify the original content easily, since the YYYYBJQOQDU Ransomware doesn't remove the old extensions or the rest of the name.
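Because the original name and extension survive under the appended marker, a defender can build a restore inventory straight from the file names. The following Python sketch is an added example, not part of the original article: it assumes the marker appears as a final '.YYYYBJQOQDU' suffix, and the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: the marker is appended as a final ".YYYYBJQOQDU" suffix.
MARKER = ".yyyybjqoqdu"


def original_name(path):
    """Return the pre-infection file name, or None if the file is not marked."""
    name = Path(path).name
    if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
        return None
    return name[: -len(MARKER)]


def inventory(root):
    """Walk root and list (locked_path, original_name) for every marked file."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            orig = original_name(fname)
            if orig is not None:
                hits.append((os.path.join(folder, fname), orig))
    return sorted(hits)


def summarize(hits):
    """Count locked files per original extension to prioritise backup restores."""
    return Counter(Path(orig).suffix.lower() or "(none)" for _p, orig in hits)


def demo():
    # Constructed sample tree: three marked files and two untouched ones.
    with tempfile.TemporaryDirectory() as root:
        names = ["report.docx.YYYYBJQOQDU", "index.html.yyyybjqoqdu",
                 "photo.JPG.YYYYBJQOQDU", "notes.txt", "YYYYBJQOQDU.txt"]
        for n in names:
            Path(root, n).write_bytes(b"constructed sample")
        hits = inventory(root)
        return [orig for _p, orig in hits], dict(summarize(hits))


if __name__ == "__main__":
    print(demo())
```

The inventory only reads file names, so it can run against a quarantined disk image or a read-only mount without touching the encrypted data.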

Besides the file-locking attack, the YYYYBJQOQDU Ransomware's payload includes a ransoming feature that generates a Notepad file in English. However, the text of the note is, for the most part, a copy-and-paste from the Globe Ransomware family – with some additions that contain various grammar issues. It gives no immediate information on the ransoming cost besides telling victims the e-mail addresses for negotiating further over the decryption service that repairs their files.

Malware experts don't encourage paying this ransom but do highlight the 'free sample' offers, which the YYYYBJQOQDU Ransomware shares with various competitors, as potentially helpful.

Suppressing Asian Extortion in Advance

The YYYYBJQOQDU Ransomware isn't the only file-locking Trojan whose campaign is running against Asian victims: the equally fresh '.securityP File Extension' Ransomware of the Paradise Ransomware's family is responsible for similar attacks against South Koreans. Any connections that the YYYYBJQOQDU Ransomware might or might not have to similar campaigns require more evidence for the cyber-security industry's analysis, and victims should consider quarantining the YYYYBJQOQDU Ransomware, along with any infection-related files, encrypted media or ransom notes. Free decryption may be possible for individual file-locking Trojans, although, in general, it's an unlikely solution.

Data repairs are much more straightforward for victims of file-locking Trojan infections whenever there are backups available on other devices. Preemptive protection can take different forms as well, such as scanning e-mail attachments before launching them, disabling script-based features that are vulnerable to being exploited, and keeping secure passwords for your network logins. Most anti-malware products should delete the YYYYBJQOQDU Ransomware safely, especially if they're using the latest versions of their databases.

China isn't a stranger to attacks like the YYYYBJQOQDU Ransomware's file-locking behavior, but the YYYYBJQOQDU Ransomware could roam outside of its borders. A backup is a canny investment for anyone whose files are worth a penny, let alone a Trojan's ransom.
