YUREI RANSOMWARE: THE DIGITAL GHOST

Oct. 6, 2025, 8:03 a.m.

Description

A sophisticated ransomware family called Yurei has emerged, targeting Windows systems with advanced encryption methods. It rapidly encrypts data using ChaCha20 and ECIES, appends .Yurei to files, and disables recovery options. The malware spreads via SMB shares, removable drives, and credential-based remote execution. It employs anti-forensics techniques, including log wiping and secure deletion. Yurei features double-extortion capabilities, threatening data leaks alongside ransom demands. Analysis suggests possible code reuse from the Prince ransomware. The ransomware's professional build, stealthy propagation, and high operational speed make it a significant threat designed for irreversible data compromise.

Date

  • Created: Oct. 4, 2025, 9:22 a.m.
  • Published: Oct. 4, 2025, 9:22 a.m.
  • Modified: Oct. 6, 2025, 8:03 a.m.

Attack Patterns

Additional Information

  • Manufacturing
  • YUREI_RANSOMWARE
  • Sri Lanka
  • Germany
  • Morocco