Yurei Ransomware: A Sophisticated Double-Extortion Threat

A new, sophisticated ransomware strain named Yurei has emerged, written in Go for rapid and stealthy attacks. It employs a double-extortion model: it encrypts files, giving them the ".Yurei" extension, while threatening to leak stolen data. The malware is designed to make its damage irreversible, disabling recovery options by deleting shadow copies, system backups, and event logs. Yurei spreads laterally across networks using SMB shares and removable drives, and it executes robust anti-forensic routines to erase all traces of its activity. Researchers note that its code is derived from an open-source project but has been enhanced for greater speed and stealth, making it a professional-grade threat.

Latest mentioned: 10-07
Earliest mentioned: 10-06