
CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
CYFIRMA Research: Yurei Ransomware - The Digital Ghost
CYFIRMA has identified Yurei Ransomware, a Go-based strain engineered for speed, stealth, and irreversible impact.
It encrypts files with ChaCha20 + ECIES, appends a .Yurei extension, and drops ransom notes named _README_Yurei.txt that point to Tor-based communication channels. Yurei destroys backups, wipes logs, manipulates timestamps, and even self-destructs to erase traces, leaving defenders blind. It spreads laterally via SMB shares, USB drives, and PsExec/CIM-based credential execution, and it adopts double-extortion tactics, threatening both encryption and data leaks.
Yurei has been observed since September 2025. The first victim was a Sri Lankan food manufacturer, and samples were uploaded from Morocco, Germany, and Turkey, pointing to a global footprint. Code overlaps suggest reuse from Prince Ransomware, reinforcing its professional design.
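For responders scoping an incident, the sketch below is an added example (not code from CYFIRMA or the report) that walks a directory tree and summarises the two on-disk markers named above, the .Yurei extension and the _README_Yurei.txt note. It matches on names only, since the summary says Yurei manipulates timestamps; the function names, the report layout and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENC_SUFFIX = ".yurei"            # extension named on the page, compared case-insensitively
NOTE_NAME = "_readme_yurei.txt"  # ransom note name from the page, lower-cased


def scope_yurei_impact(root):
    """Walk root and summarise, per directory, the on-disk markers the page names."""
    dirs = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                dirs[dirpath]["note"] = True
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # Original name = current name minus the appended extension.
                dirs[dirpath]["encrypted"].append(name[: -len(ENC_SUFFIX)])
    return {
        "affected_dirs": sorted(dirs),
        "encrypted_total": sum(len(d["encrypted"]) for d in dirs.values()),
        # Note present but no renamed files: flagged for manual review
        # (what this state means is not stated on the page).
        "note_only_dirs": sorted(p for p, d in dirs.items()
                                 if d["note"] and not d["encrypted"]),
        "original_names": {p: sorted(d["encrypted"])
                           for p, d in dirs.items() if d["encrypted"]},
    }


def build_constructed_tree(root):
    """Constructed sample tree (empty files, not real victim data) for the demo."""
    layout = {
        "finance": ["q3.xlsx.Yurei", "payroll.csv.yurei", "_README_Yurei.txt"],
        "hr": ["_README_Yurei.txt"],
        "public": ["logo.png"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(scope_yurei_impact(tmp))
```

The `original_names` map gives the pre-encryption file names per directory, which can be compared against a backup inventory when planning restores.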
Link to the Research Report: https://www.cyfirma.com/research/yurei-ransomware-the-digital-ghost/
https://www.cyfirma.com/