
Yurei Ransomware Targets Food Manufacturing and Other Companies

1 unique source, 1 article

Summary


Yurei ransomware, first observed on September 5, 2025, has claimed its first victims, including MidCity Marketing in Sri Lanka, and companies in India and Nigeria. The ransomware relies on open-source malware and has a flaw that allows victims to recover encrypted data. The group employs double-extortion tactics, stealing data to pressure victims into paying ransoms. Yurei operators are believed to be based in Morocco. The ransomware is a modified version of the open-source Prince-Ransomware, written in Go. It does not delete shadow copies, allowing victims to restore files if Volume Shadow Copy Service (VSS) is enabled. This oversight highlights the group's lack of sophistication. Defenders are advised to activate VSS and take regular snapshots to mitigate the risk.

Timeline

  1. 16.09.2025 11:53 · 1 article

    Yurei Ransomware Targets Food Manufacturing and Other Companies



Information Snippets

  • Yurei ransomware was first observed on September 5, 2025.

    First reported: 16.09.2025 11:53
    1 source, 1 article
  • The first known victim of Yurei ransomware is MidCity Marketing in Sri Lanka.

    First reported: 16.09.2025 11:53
    1 source, 1 article
  • Yurei ransomware has also targeted companies in India and Nigeria.

    First reported: 16.09.2025 11:53
    1 source, 1 article
  • Yurei ransomware is based on the open-source Prince-Ransomware, written in Go.

    First reported: 16.09.2025 11:53
    1 source, 1 article
  • The ransomware does not delete shadow copies, allowing victims to recover files if VSS is enabled.

    First reported: 16.09.2025 11:53
    1 source, 1 article
  • Yurei operators are believed to be based in Morocco.

    First reported: 16.09.2025 11:53
    1 source, 1 article
  • Yurei ransomware employs double-extortion tactics, stealing data to pressure victims.

    First reported: 16.09.2025 11:53
    1 source, 1 article