Yurei Ransomware Emerges: Double-Extortion Model Threatens Corporations

Security researchers at AhnLab have identified Yurei, a new ransomware group operating since September 2025. Yurei uses a double-extortion model, encrypting data and demanding ransom for stolen information. Unlike many modern ransomware groups, Yurei operates independently without relying on Ransomware-as-a-Service (RaaS) ecosystems. The malware, written in Go, performs encryption with minimal preparation and uses a dual-layer cryptographic model. Yurei's attacks have impacted various industries, including transportation, IT software, marketing, and food and beverage.

Latest mentioned: 11-17

Earliest mentioned: 11-10

Sources

securityonline.info ahnlab.com

Also Read

Lazarus Group Espionage Campaign Targets Aerospace and Defense

Security researchers at ENKI have uncovered a sophisticated espionage campaign by the Lazarus Group targeting aerospace and defense organizations. The campaign, active since March 2025, uses phishing operations with malicious Word documents disguised as legitimate communications. The new Comebacker backdoor variant demonstrates significant technical evolution, including encrypted command-and-control communications and sophisticated persistence mechanisms. The campaign's focus on specific organizations indicates strategic targeting aligned with espionage objectives.

11-12Read more →