Yyza Ransomware Will Lock Your Files

In the process of scrutinizing recently uncovered instances of malware, we chanced upon a fresh variation of ransomware labeled Yyza, belonging to the broader Djvu malware family.

Gatq functions by encrypting files and tacking on the ".yyza" extension to their filenames. Additionally, it generates a distinct text document termed "_readme.txt," which serves as the designated ransom note.

To offer an insight into Yyza's technique of altering filenames, it takes the example of transforming "1.jpg" into "1.jpg.yyza," similarly changing "2.png" into "2.png.yyza," and so forth. It's important to emphasize that Yyza might be disseminated alongside other malware variants, including infostealers, owing to its affiliation with the Djvu lineage.

The ransom note dispatched by Yyza stipulates that victims must pay a sum in exchange for gaining access to the decryption software and a unique key necessary to unlock their files. Those who initiate contact with the threat actors within a 72-hour window possess the opportunity to secure the decryption tools for a fee of $490. Nevertheless, missing this deadline amplifies the requirement to the full amount of $980.

Moreover, the ransom note underscores that victims possess the liberty to send a single file to the attackers prior to effecting payment. The attackers will then decrypt this specific file without any charge.

Yyza's Ransom Note Asks for $490 in Initial Ransom

The full text of the Yyza ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
restorealldata@firemail.cc

Reserve e-mail address to contact us:
gorentos@bitmessage.ch

Our Telegram account:
@datarestore

Your personal ID:

How Can Your Protect Your Data from Ransomware?

Protecting your data from ransomware requires a multi-layered approach that involves preventive measures, awareness, and proactive strategies. Here are some steps you can take to safeguard your data from ransomware attacks:

• Backup Regularly: Create regular backups of your important data and store them offline or in a secure cloud storage service. This ensures you can restore your files without paying the ransom if you ever fall victim to an attack.
• Keep Software Updated: Regularly update your operating system, applications, and security software to ensure they have the latest security patches and fixes for vulnerabilities that could be exploited by ransomware.
• Use Strong Passwords and Multi-Factor Authentication: Implement strong, unique passwords for all your accounts, and whenever possible, enable multi-factor authentication (MFA) to add an extra layer of security.
• Beware of Suspicious Emails and Links: Be cautious when opening email attachments or clicking on links, especially if the email is unexpected, contains urgent requests, or comes from unknown senders. Verify the sender's identity before taking any action.
• Secure Remote Desktop Services: If you use remote desktop services, ensure that they are properly configured with strong passwords and limited access. Disable remote desktop if it's not needed.
• Use Reliable Security Software: Install reputable antivirus and anti-malware software on your devices and keep them up to date. These tools can detect and block ransomware before it can infect your system.