CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Yurei Ransomware First Victims Identified

First reported
Last updated
πŸ“° 1 unique sources, 1 articles

Summary

Hide β–²

Yurei ransomware, first observed on September 5, 2025, has claimed its first victims. The ransomware is based on the open-source Prince-Ransomware binary and has a flaw that allows victims to recover data using Windows' Volume Shadow Copy Service (VSS). The group has targeted a food manufacturing company in Sri Lanka and two other entities in India and Nigeria. The ransomware operators are believed to be based in Morocco. Yurei ransomware is written in Go, making it challenging for some antivirus tools to detect. The group uses double-extortion tactics, encrypting systems and stealing data for extortion. Despite its flaws, the ransomware has already seen some success due to the fear of data leakage.

Timeline

  1. 16.09.2025 11:53 πŸ“° 1 articles Β· ⏱ 1d ago

    Yurei Ransomware First Victims Identified

    Yurei ransomware, first observed on September 5, 2025, has claimed its first victims. The ransomware is based on the open-source Prince-Ransomware binary and has a flaw that allows victims to recover data using Windows' Volume Shadow Copy Service (VSS). The group has targeted a food manufacturing company in Sri Lanka and two other entities in India and Nigeria. The ransomware operators are believed to be based in Morocco. The ransomware is written in Go, making it challenging for some antivirus tools to detect. The group uses double-extortion tactics, encrypting systems and stealing data for extortion. Despite its flaws, the ransomware has already seen some success due to the fear of data leakage.

    Show sources
    Open in new tab

Information Snippets

  • Yurei ransomware was first observed on September 5, 2025.

    First reported: 16.09.2025 11:53
    πŸ“° 1 source, 1 article
    Show sources

  • The first victim identified was MidCity Marketing, a food manufacturing company in Sri Lanka.

    First reported: 16.09.2025 11:53
    πŸ“° 1 source, 1 article
    Show sources

  • Two additional victims were identified in India and Nigeria by September 9, 2025.

    First reported: 16.09.2025 11:53
    πŸ“° 1 source, 1 article
    Show sources

  • Yurei ransomware is based on the open-source Prince-Ransomware binary, written in Go.

    First reported: 16.09.2025 11:53
    πŸ“° 1 source, 1 article
    Show sources

  • The ransomware does not delete shadow copies generated by Windows' Volume Shadow Copy Service (VSS), allowing victims to recover data.

    First reported: 16.09.2025 11:53
    πŸ“° 1 source, 1 article
    Show sources

  • The ransomware operators are believed to be based in Morocco.

    First reported: 16.09.2025 11:53
    πŸ“° 1 source, 1 article
    Show sources

  • Yurei ransomware uses double-extortion tactics, encrypting systems and stealing data for extortion.

    First reported: 16.09.2025 11:53
    πŸ“° 1 source, 1 article
    Show sources