Yurei ransomware is a new threat, notable for being written in Go and for its meticulous approach to encryption. It infiltrates corporate networks, encrypts crucial data, and deletes backups, then demands a ransom from victims through negotiations on its dark web site. The group has targeted organizations in Sri Lanka and Nigeria, particularly in the transportation and logistics, IT software, marketing, and food and beverage sectors.
Yurei's encryption methodology is particularly advanced: it uses the ChaCha20-Poly1305 algorithm along with secp256k1-ECIES for key protection, making unauthorized decryption nearly impossible. The encryption process deliberately avoids critical system directories, which prevents complete operational failure of the victim's systems. The ransom note threatens severe consequences for noncompliance and presses victims to respond quickly to avoid data leaks. ASEC security researchers have highlighted Yurei's unique encryption approach, which distinguishes it from other ransomware operations.
👉 Read the original: Cyber Security News