Youhau Ransomware is a New VoidCrypt Clone
Researchers from our team have recently uncovered Youhau, a type of ransomware that encrypts data, changes file names, and generates a ransom note. Youhau came to our attention during an analysis of malware samples. It is part of the VoidCrypt ransomware family, which is known for its malicious behavior.
Youhau's ransom note is a text file labeled "Dectryption-guide.txt." The malware adds the victim's ID, the email address "cyberabc@tutanota.com," and the ".youhau" extension to the original filenames. For example, "1.jpg" would become "1.jpg.MJ-MI0647895312.youhau," while "2.png" would become "2.png.MJ-MI0647895312.youhau."
The ransom note provides information to the victims about the encryption of their files using a cryptography algorithm. It also warns them not to alter or rename the files, use any third-party applications or recovery tools, or reinstall the operating system. Doing so could result in the loss of the key file and permanent data loss.
The ransom note instructs victims to send a test file and the key file located in the "C:/ProgramData" folder of their system to the email address provided, either cyberabc@tutanota.com or youhau@onionmail.org. The attackers will then use this information to facilitate payment and provide the decryption key.
Youhau Ransom Note Written in Poor English
The complete text of the Youhau ransom note goes as follows:
Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
Attention:
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
Your Case ID :-
OUR Email :cyberabc@tutanota.com
in Case of no answer: youhau@onionmail.org
How Can You Protect Your System from Ransomware Like Youhau?
To protect your system from ransomware like Youhau, it's essential to follow good cybersecurity practices. Some of these practices include:
- Keep your software up-to-date: Make sure your operating system and software applications are up-to-date with the latest security patches and updates.
- Use strong passwords: Use unique and complex passwords for your accounts and devices. Avoid using the same password for multiple accounts.
- Use anti-malware software: Install and use reputable anti-malware software that provides real-time protection against malware and ransomware.
- Be careful when opening email attachments: Avoid opening email attachments or clicking on links in emails from unknown or suspicious sources.
- Backup your data regularly: Regularly back up your important files and data to an external hard drive or cloud storage.
- Enable two-factor authentication (2FA): Enable 2FA on your accounts wherever possible, which adds an extra layer of security to your login process.
These practices will not guarantee complete protection against ransomware attacks like Youhau, but they can reduce the likelihood of an attack and minimize the potential damage.
