Hello. This is White Defender.

Ransomware can be dealt with if you prevent it in advance.
White Defender is an anti-ransomware solution that can protect against ransomware in real time. Thank you.


This is a video of White Defender responding to ransomware threats.

Title: Yashma
Registration date: 2023-06-04
Type: Ransomware
Treatment method: Diagnosis/treatment is possible with WhiteDefender.
Changed extension: File name.Extension.Individual random value

What is Yashma ransomware?

Anti-Ransomware WhiteDefender discovered [Yashma Ransomware] while investigating cyber security threats.
Analysis showed it to be a variant of Chaos Ransomware.

I tested running Yashma ransomware with WhiteDefender's real-time protection function turned off.
It encrypts large files (2MB or more) without damaging their internal data. Encryption uses AES-256, making restoration impossible without a decryption key.

This ransomware encrypts files on infected devices and appends an extension of four random characters to each file name.
For example, the original file "photo.jpg" is encrypted as "photo.jpg.individual random value", and the "2.png" file is encrypted as "2.png.individual random value".

Afterwards, Yashma ransomware changes the desktop image and creates a ransom note (demand for money) file, [read_it.txt].
The ransom note states that this PC has been infected with Yashma ransomware and all files have been encrypted. To decrypt and restore them, the note says decryption software must be purchased, and payment can only be made with Bitcoin.
The ransom note information on the desktop and the "read_it.txt" file show different amounts for decryption.
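A triage heuristic built from the indicators described above: a four-character suffix appended after the original extension, together with a read_it.txt note in the same directory. This is an added example, not WhiteDefender code; the alphanumeric suffix pattern, the two extension sets and the `min_hits` threshold are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

NOTE_NAME = "read_it.txt"  # ransom note file name given on this page
# Assumption: the four appended characters are alphanumeric.
APPENDED = re.compile(
    r"^.+\.(?P<ext>[A-Za-z0-9]{2,5})\.(?P<rand>[A-Za-z0-9]{4})$")
# Assumption: illustrative sets, extend them for your environment.
USER_EXTS = {"jpg", "png", "docx", "xlsx", "pdf", "txt"}
LEGIT_4CHAR = {"docx", "xlsx", "pptx", "json", "html", "jpeg", "orig", "part"}

def triage(paths, min_hits=2):
    """Return {directory: [renamed files]} for directories that hold the
    ransom note plus at least min_hits files named like name.ext.XXXX."""
    notes, hits = set(), defaultdict(list)
    for raw in paths:
        p = PurePosixPath(raw)  # listing normalized to forward slashes
        if p.name.lower() == NOTE_NAME:
            notes.add(str(p.parent))
            continue
        m = APPENDED.match(p.name)
        # Require a known user-file extension followed by a suffix that is
        # not itself a common four-character extension.
        if (m and m["ext"].lower() in USER_EXTS
                and m["rand"].lower() not in LEGIT_4CHAR):
            hits[str(p.parent)].append(p.name)
    return {d: sorted(f) for d, f in hits.items()
            if d in notes and len(f) >= min_hits}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    "/home/a/Pictures/photo.jpg.x7q2",
    "/home/a/Pictures/2.png.k9zd",
    "/home/a/Pictures/read_it.txt",
    "/home/a/Docs/report.v2.docx",   # benign: no appended suffix
    "/home/a/Docs/notes.txt.orig",   # benign: known four-character suffix
    "/home/a/Docs/read_it.txt",      # note name alone is not enough
]

if __name__ == "__main__":
    for directory, files in triage(SAMPLE).items():
        print(directory, files)
```

Requiring both the note and several renamed files in one directory keeps a stray backup file or an unrelated read_it.txt from raising an alert on its own.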

 

Ransomware name: Yashma ransomware
Changed extension: File name.Extension.Individual random value
Ransom note (payment information file): read_it.txt / desktop image
Characteristic: Demands money after encrypting all file data
MD5: d619445e564a6e64fb88101a35675ef5
SHA-1: fb813e713df734f368163214506a52dbc364c954
SHA-256: 7ff02d597c1d6d81252edc66749f979c3f61b5e2ebd76ecbbec75859c21baf83
Basic protection method: The most basic and effective protection method is to use a reliable anti-ransomware program. Keep your security software up to date.

 

 
 
Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
Copyright ⓒEveryzone , Inc. All Rights Reserved.|