.YYYYBJQOQDU Files Virus - What Is It? How Can I Remove It?

.YYYYBJQOQDU Files Virus – What Is It? How Can I Remove It?

What is .YYYYBJQOQDU Files Virus? Can .YYYYBJQOQDU encrypted files be recovered?

The so-called .YYYYBJQOQDU files virus is a ransomware which encrypts files on a compromised system and adds the .YYYYBJQOQDU extension to them. Once the files are encrypted, they are inaccessible to the victim.

Ransomware viruses usually drop a ransom note with instructions on how to pay the ransom in Bitcoin in exchange for decryption. However, in this case the operators behind the .YYYYBJQOQDU ransomware don’t provide specific instructions. This way, they are trying to persuade the victim to contact them via email (supportd@tfwno(dot)gf). It seems that cybercriminals would request different ransom fees depending on the victim’s financial situation. In case an enterprise is infected, the ransom fee may be quite big.

Threat Summary

Name.YYYYBJQOQDU Files Virus
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer system and asks you to contact the ransomware operators via email.
SymptomsThe ransomware will encrypt your files by appending the .YYYYBJQOQDU extension to them.
Distribution MethodSpam Emails, Email Attachments, Unsafe Browsing
Detection Tool See If Your System Has Been Affected by .YYYYBJQOQDU Files Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .YYYYBJQOQDU Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

We believe it is not a good idea to contact cybercriminals in general, as there is no guarantee you will receive a decryption key.

.YYYYBJQOQDU Files Virus – How Did I Get It and What Does It Mean?

.YYYYBJQOQDU ransomware may be spreading with the help of a payload dropper which triggers the script for the infection. The ransomware may be hiding on suspicious websites or freeware websites, or could be delivered via malicious spam. Keep in mind that freeware available on random web pages can be hosting the malicious script of .YYYYBJQOQDU files virus. By downloading a freeware program you may also get the ransomware, which will encrypt all of your data.

Here is the ransom note that the so-called .YYYYBJQOQDU files virus drops on victims’ systems:

Here is what it says:

====== the Attention! ======
All your files is, documents, photos, databases and other important files are encrypted and have the extension: .YYYYBJQOQDU
You are not Able to decrypt it by yourself
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can the send an email supportd@tfwno.gf and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files ?
Write to email supportd@tfwno.gf
Your personal ID: [10 hex uppercase letters] Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Keep in mind that interacting with cybercriminals is never a good idea. We don’t advise you on contacting them via the given email. Your best bet is to wait for an official decryption tool to be released by malware researchers. If the cybercriminals behind the .YYYYBJQOQDU files virus get caught by the authorities, the master decryption key may be released for victims to decrypt their data for free.

Remove .YYYYBJQOQDU Files Virus

If your computer got infected with the .YYYYBJQOQDU ransomware, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it gets the chance to spread further and infect more computers. We recommend you to remove the ransomware and follow the step-by-step instructions guide provided below.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share