Yurei勒索软件家族详情

【家族名】
Win32/Ransom.Yurei
[平台]   /   [主类型]  .  [家族名]
平台类型 :  Win32 Win64
威胁类型 : Ransom
【是否支持解密】
360解密大师：暂不支持
在线解密：暂不支持
【被加密文件】
被加密文件后缀格式：.Yurei
修改文件后缀为
【勒索提示信息】：
文件名：_README_Yurei.txt
文件内容


--------------------------------------------------------------------------------------------------------------------------------------------------------------
--== Yurei ==--
Dear Management,
If you are reading this message, it means that:
├─ Your company’s internal infrastructure has been fully or partially compromised.  
├─ All your backups — both virtual and physical — and everything we could access have been completely wiped.  
└─ Additionally, we have exfiltrated a large amount of your corporate data prior to encryption.
We fully understand the damage caused by locking your internal resources. Now, let’s set emotions aside and try to build a constructive dialogue.
WHAT YOU NEED TO KNOW
├─ Dealing with us will save you a lot — we have no interest in financially destroying you.  
├─ We will thoroughly analyze your finances, bank statements, income, savings, and investments, and present a reasonable demand.  
├─ If you have active cyber insurance, let us know — we will guide you on how to properly use it.  
└─ Dragging out negotiations will only cause the deal to fail.
PAYMENT BENEFITS
├─ Paying us saves time, money, and effort — you can be back on track within approximately 24 hours.  
├─ Our decryptor works perfectly on all files and systems — you can request a test decryption at any time.  
└─ Attempting recovery on your own may result in permanent file loss or corruption — in such cases, we won’t be able to help.
SECURITY REPORT & EXCLUSIVE INFO
├─ The report and first-hand insights we provide upon agreement are invaluable.  
└─ No full network audit will reveal the specific vulnerabilities we exploited to access your data and infrastructure.
WHAT HAPPENED
├─ Your network infrastructure has been compromised.  
├─ Critical data has been exfiltrated.  
└─ Files have been encrypted.
WHAT YOU SHOULD NOT DO
├─ Do NOT rename, modify, or delete encrypted files.  
├─ Do NOT shut down your system or run antivirus software — this may cause irreversible damage.  
└─ Do NOT waste time with data recovery companies — they cannot help you.
VALUABLE DATA WE USUALLY STEAL
├─ Databases, legal documents, and personal information  
├─ Audit reports, SQL databases  
├─ Financial documents: statements, invoices, accounting data  
├─ Work files and corporate communications  
├─ Any backup solutions  
└─ Confidential documents
TO DO LIST (Best Practices)
├─ Contact us as soon as possible via our live chat (only).  
├─ Purchase our decryption tool — there is no other way to recover your data.  
├─ Avoid third-party negotiators or recovery services.  
└─ Do not attempt to use public decryption tools — you risk permanent data loss.
RESPONSIBILITY
├─ Violating the terms of this offer will result in:  
│    - Deletion of your decryption keys  
│    - Immediate sale or public disclosure of your leaked data  
│    - Notification of regulatory agencies, competitors, and clients
---
**CHAT:** Yurei  
CHAT:http://fewcriet5rhoy66k6c4cyvb2p ... de2b55af69/chat.php
Your Ticket ID: 5edc2bb4d37530871f9cc30f8322e52b
Blog:http://fewcriet5rhoy66k6c4cyvb2p ... jt4t4kn4vheyd.onion
---
Thank you for your attention.
---
**Important Notes:**  
- Renaming, copying, or moving encrypted files may break the cipher and make decryption impossible.  
- Using third-party recovery tools can irreversibly damage encrypted files.  
- Shutting down or restarting the system may cause boot or recovery errors and further damage the encrypted data.
--------------------------------------------------------------------------------------------------------------------------------------------------------------


【防护建议】
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。