A few days ago a new ransomware emerged, called Yatron. The cybercriminal did not just stop here, but also developed a platform to sell the ransomware to others willing to distribute it, a method called “ransomware as a service”. Basically, anybody can buy a personalized version of the malware and distribute it however they want. Usually, these services are continuously beneficial for both the developer and the buyer, as the developer will receive a share of all payments made by the victims. Yatron takes a little different approach and demands only a one-time payment from the ransomware buyer.
Yatron ransomware – test findings
Yatron promises to use advanced exploits to spread across the target network, exploits used by NSA and leaked some time ago, named EternalBlue and DoublePulsar. Although these target older versions of the Windows file sharing services and were patched by Microsoft, they still represent a major security vulnerability for those who did not update their operating systems.
Another particularity of Yatron is that it will also try to spread using Peer-to-Peer (P2P) services, making use of P2P clients and share itself to others on the internet.
Once executed, the payload immediately starts encrypting important user files. It managed to encrypt all our test files in under 5 minutes, which makes it pretty fast as well. Encrypted files are renamed, as the “.Yatron” extension is appended during encryption. Volume shadow copies of the files are also deleted during the attack.
Once done, it will drop a very minimal ransom note on the desktop and then open a dialog, prompting the user to pay the ransom, or the files will be deleted in less than 72 hours. The cybercriminals demand $300 worth of BitCoin to recover the encrypted files.
Yatron ransomware vs Ranstop – test results
TEMASOFT Ranstop detects this version of Yatron ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, and the malware process is stopped and quarantined. The affected files are automatically recovered so that the user doesn’t lose any critical document.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.