Yurei Ransomware Targets Food Manufacturing and Other Companies
Summary
Yurei ransomware, first observed on September 5, 2025, has claimed its first victims, including MidCity Marketing in Sri Lanka, and companies in India and Nigeria. The ransomware relies on open-source malware and has a flaw that allows victims to recover encrypted data. The group employs double-extortion tactics, stealing data to pressure victims into paying ransoms. Yurei operators are believed to be based in Morocco. The ransomware is a modified version of the open-source Prince-Ransomware, written in Go. It does not delete shadow copies, allowing victims to restore files if Volume Shadow Copy Service (VSS) is enabled. This oversight highlights the group's lack of sophistication. Defenders are advised to activate VSS and take regular snapshots to mitigate the risk.
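The recommendation to enable VSS and take regular snapshots can be checked per host. The following PowerShell is an added example, not part of the source article: it reports the newest shadow copy on each local fixed volume and can optionally create one. The function name `Get-ShadowCopyCoverage`, the `-CreateMissing` switch and the 24-hour threshold are assumptions chosen for illustration; it must run in an elevated PowerShell 5 or later session.

```powershell
# Added example (not from the source article). Run in an elevated PowerShell 5+ session.
# Get-ShadowCopyCoverage and the 24-hour default are illustrative assumptions.
function Get-ShadowCopyCoverage {
    param(
        [int]$MaxAgeHours = 24,      # assumed policy: newest snapshot must be younger than this
        [switch]$CreateMissing       # take a snapshot where none exists or the newest is stale
    )

    # VSS normally has start type Manual and runs on demand; Disabled blocks all snapshots.
    $vssStartType = (Get-Service -Name VSS).StartType

    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
    $volumes = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3' |
        Where-Object { $_.DriveLetter }          # local fixed disks with a drive letter

    foreach ($vol in $volumes) {
        # Win32_ShadowCopy.VolumeName holds the source volume's \\?\Volume{GUID}\ path.
        $latest = $shadows |
            Where-Object { $_.VolumeName -eq $vol.DeviceID } |
            Sort-Object -Property InstallDate -Descending |
            Select-Object -First 1

        $ageHours = $null
        $status = 'NoSnapshot'
        if ($latest) {
            $ageHours = [math]::Round(((Get-Date) - $latest.InstallDate).TotalHours, 1)
            $status = if ($ageHours -gt $MaxAgeHours) { 'Stale' } else { 'OK' }
        }

        if ($CreateMissing -and $status -ne 'OK' -and $vssStartType -ne 'Disabled') {
            $result = Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create `
                -Arguments @{ Volume = "$($vol.DriveLetter)\"; Context = 'ClientAccessible' }
            if ($result.ReturnValue -eq 0) { $status = 'Created' }
            else { $status = "CreateFailed($($result.ReturnValue))" }
        }

        [pscustomobject]@{
            Drive        = $vol.DriveLetter
            VssStartType = $vssStartType
            NewestCopy   = if ($latest) { $latest.InstallDate } else { $null }
            AgeHours     = $ageHours
            Status       = $status
        }
    }
}

Get-ShadowCopyCoverage -MaxAgeHours 24 | Format-Table -AutoSize
```

Running the function with `-CreateMissing` from a scheduled task is one way to get the regular snapshots the summary recommends.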
Timeline
- 16.09.2025 11:53 · 1 article: Yurei Ransomware Targets Food Manufacturing and Other Companies
- Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53
Information Snippets
- Yurei ransomware was first observed on September 5, 2025.
  First reported: 16.09.2025 11:53 (1 source, 1 article)
  - Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53
- The first known victim of Yurei ransomware is MidCity Marketing in Sri Lanka.
  First reported: 16.09.2025 11:53 (1 source, 1 article)
  - Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53
- Yurei ransomware has also targeted companies in India and Nigeria.
  First reported: 16.09.2025 11:53 (1 source, 1 article)
  - Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53
- Yurei ransomware is based on the open-source Prince-Ransomware, written in Go.
  First reported: 16.09.2025 11:53 (1 source, 1 article)
  - Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53
- The ransomware does not delete shadow copies, allowing victims to recover files if VSS is enabled.
  First reported: 16.09.2025 11:53 (1 source, 1 article)
  - Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53
- Yurei operators are believed to be based in Morocco.
  First reported: 16.09.2025 11:53 (1 source, 1 article)
  - Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53
- Yurei ransomware employs double-extortion tactics, stealing data to pressure victims.
  First reported: 16.09.2025 11:53 (1 source, 1 article)
  - Emerging Yurei Ransomware Claims First Victims — www.darkreading.com — 16.09.2025 11:53