Yatron RaaS Appends .yatron Extension, Aims to Utilize EternalBlue Exploit


Yatron is the name of a new ransomware-as-a-service (RaaS) which is currently being advertised on Twitter. Apparently, its authors plan to use the EternalBlue and DoublePulsar exploits for distribution purposes.

Threat Summary

Name: Yatron
Type: Ransomware, Cryptovirus, RaaS
Short Description: The ransomware encrypts files on your computer and displays a ransom message afterward.
Symptoms: The ransomware will encrypt your files and put up a ransom note inside a text file.
Distribution Method: Spam Emails, Email Attachments

Yatron Ransomware-as-a-Service in Detail

The Yatron ransomware is set to delete victims' encrypted files if a payment hasn't been made within 72 hours. Once executed, the ransomware scans the targeted system for specific file types and encrypts them, appending the .Yatron extension to each file name.

Once the encryption process is finished, the ransomware sends the encryption password and a unique victim ID to its command and control server. According to security researcher Michael Gillespie, Yatron is based on the well-known open-source HiddenTear ransomware. However, the encryption routine has been altered in such a way that the decryption methods known to work against HiddenTear-based samples no longer apply, so no free decryptor is currently available.

However, the most interesting part of the ransomware is that it contains code meant to use the EternalBlue and DoublePulsar exploits to propagate to other Windows computers on the same network through the SMBv1 vulnerability patched by Microsoft in MS17-010.
The good news is that this propagation code is unfinished: Yatron currently does not actually invoke the Eternalblue-2.2.0.exe and Doublepulsar-1.3.1.exe executables it references. Since the capability could be completed in a later build, unpatched hosts with SMBv1 enabled on the same network should still be treated as exposed.

Another thing the ransomware tries to do is spread via peer-to-peer file-sharing programs by copying its executable into their default shared folders. Once the P2P program is started, the copy is automatically shared with other users by the P2P client.
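The three host artefacts described above (the appended .Yatron extension, the ransom note dropped as a text file, and the referenced EternalBlue/DoublePulsar executables) can be checked for in one pass. The script below is an added example written for this page; it is not code from the article, from SensorsTechForum, or from the malware itself. The article does not name the ransom note file, so the script recognizes the note by its first line rather than by file name, and the sample directory tree it builds is constructed for the demonstration (the "encrypted" files are random bytes, the exploit binary is an empty placeholder).

```python
"""Triage a directory tree for the Yatron artefacts the article describes.

Added example, not the page's or the malware author's code. Assumptions:
the ransom note's file name (README_FOR_DECRYPT.txt) and the sample tree
are constructed here; only the extension, note text and exploit binary
names come from the article.
"""
import os
import tempfile
from dataclasses import dataclass, field

ENCRYPTED_EXT = ".yatron"          # appended by the ransomware; matched case-insensitively
EXPLOIT_BINARIES = {"eternalblue-2.2.0.exe", "doublepulsar-1.3.1.exe"}
NOTE_MARKER = b"your personal files are encrypted by yatron"   # first line of the note
MAX_NOTE_SIZE = 64 * 1024          # ransom notes are small; larger files are never read


@dataclass
class TriageReport:
    encrypted: list = field(default_factory=list)
    notes: list = field(default_factory=list)
    exploit_binaries: list = field(default_factory=list)

    @property
    def propagation_risk(self) -> bool:
        """True when the SMB exploit binaries are present: isolate the host first."""
        return bool(self.exploit_binaries)


def is_ransom_note(path: str) -> bool:
    """Match the note by content, since the file name is not known for certain."""
    try:
        if os.path.getsize(path) > MAX_NOTE_SIZE:
            return False
        with open(path, "rb") as fh:
            return NOTE_MARKER in fh.read(4096).lower()
    except OSError:
        return False


def original_name(encrypted_path: str) -> str:
    """Strip the appended extension to recover the pre-encryption file name."""
    base = os.path.basename(encrypted_path)
    if base.lower().endswith(ENCRYPTED_EXT):
        return base[:-len(ENCRYPTED_EXT)]
    return base


def triage(root: str) -> TriageReport:
    """Walk root once and bucket every file into the three indicator classes."""
    report = TriageReport()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report.encrypted.append(path)
            elif lower in EXPLOIT_BINARIES:
                report.exploit_binaries.append(path)
            elif is_ransom_note(path):
                report.notes.append(path)
    return report


def build_sample_tree() -> str:
    """Constructed sample victim profile: two encrypted documents, one untouched
    file, the ransom note and one dropped exploit binary (placeholder bytes)."""
    root = tempfile.mkdtemp(prefix="yatron-triage-")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for victim in ("report.docx.Yatron", "budget.xlsx.Yatron"):
        with open(os.path.join(docs, victim), "wb") as fh:
            fh.write(os.urandom(64))              # stands in for ciphertext
    with open(os.path.join(docs, "untouched.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample")
    with open(os.path.join(root, "README_FOR_DECRYPT.txt"), "w") as fh:  # name assumed
        fh.write("Your personal files are encrypted By Yatron\n"
                 "Oops ,Your Files Have Been Encrypted\n")
    with open(os.path.join(root, "Eternalblue-2.2.0.exe"), "wb") as fh:
        fh.write(b"MZ placeholder, not the exploit")
    return root


def main() -> None:
    root = build_sample_tree()
    report = triage(root)
    print(f"{len(report.encrypted)} encrypted, {len(report.notes)} note(s), "
          f"{len(report.exploit_binaries)} exploit binary file(s)")
    for path in report.encrypted:
        print(f"  {os.path.relpath(path, root)} -> {original_name(path)}")
    if report.propagation_risk:
        print("  EternalBlue/DoublePulsar payloads present: disconnect this host "
              "and verify MS17-010 on every SMB peer before cleanup.")


if __name__ == "__main__":
    main()
```

Point `triage()` at a mounted victim volume instead of the sample tree to scope an incident; the recovered original names give the list of files to restore from backup, and `propagation_risk` decides whether network isolation comes before anything else.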
As for Yatron’s ransom note, it says the following:

Your personal files are encrypted By Yatron
Oops ,Your Files Have Been Encrypted
your important files are encrypted !
Your documents, photos, databases and Other personal files are encrypted ?
the files that you looked for not readable ?
We are the only ones who can decrypt your files Through the unique key.
what should I do for decrypting my files?
If you want to recover your files, you must purchase a the unique key
send 0.5 btc to the payment address : ***
Send us your ID after your payment
Email to contact us : [email protected]
As proof you can email us 2 files to decrypt and we will send you the recover files to prove that we can decrypt your files

you have 3 Days to pay or Your files will be deleted

So far, security researchers believe that no one has paid to use the ransomware. Nonetheless, users should be on the lookout since RaaS pieces are known to quickly gain popularity among cybercriminals.

Remove Yatron (.yatron) Ransomware

If your computer got infected with Yatron ransomware, you should have a bit of experience in removing malware. Disconnect the machine from the network first, since the sample tries to reach other hosts over SMB and through P2P shared folders, and then remove the ransomware as quickly as possible before it gets the chance to infect other computers. Keep in mind that ransomware-as-a-service pieces such as Yatron may quickly adopt other extensions, so do not rely on the .yatron extension alone to recognize an infection.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
