Yashma Ransomware

Malware updated 4 months ago (2024-05-04T20:19:38.603Z)
Yashma ransomware is malware first observed in May 2022 as a rebranded version of the Chaos ransomware builder V5, which leaked in April 2022. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Cybersecurity researchers have noted an uptick in new strains built with the Yashma ransomware builder. Earlier versions establish persistence in two ways: by adding an entry to the Run registry key, and by dropping a Windows shortcut file pointing to the ransomware executable's path into the startup folder.

A new threat actor, seemingly of Vietnamese origin, has been identified using a custom variant of the Yashma ransomware. This group has been active since at least June 4, 2023, targeting victims in English-speaking countries, Bulgaria, China, and Vietnam. The variant downloads its ransom note from a GitHub account named “nguyenvietphat”, which has allowed it to evade some endpoint detection and antivirus software. Despite the release of a decryptor that addressed earlier versions of Yashma, the threat persists because of this new variant.

The operation mimics characteristics of the infamous WannaCry ransomware, indicating a potential evolution in the malware's capabilities and suggesting a deliberate strategy to target multiple geographic areas. This development underscores the need for continued vigilance against evolving cyber threats, especially as these actors demonstrate increasing sophistication in their methods.
Description last updated: 2024-05-04T16:40:03.740Z
Aliases: none currently tracked.

Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Ransomware
Associated Malware

ID | Type | Votes | Profile Description
WannaCry | Unspecified | 2 | WannaCry is a type of malware, specifically ransomware, that gained notoriety in 2017 as one of the largest and most damaging cyber-attacks to date. The malicious software exploits vulnerabilities in computer systems to encrypt data, effectively holding it hostage until a ransom is paid. It primaril
Source Document References

Information about the Yashma Ransomware malware was read from the documents corpus below. This display is limited to 20 results.

Source | Created | Title
DARKReading | a year ago | Custom Yashma Ransomware Crashes Into the Scene
InfoSecurity-magazine | a year ago | Vietnamese-Origin Ransomware Operation Mimics WannaCry Traits
CERT-EU | a year ago | Report: New ransomware gang emerges in Vietnam
CERT-EU | a year ago | This Ransomware Targets Several English-Speaking Nations | IT Security News
CERT-EU | a year ago | Reflecting on supply chain attacks halfway through 2023
CERT-EU | a year ago | New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
CERT-EU | a year ago | Threat Actors English-Speaking Countries with Customized Yashma Ransomware | IT Security News
CERT-EU | a year ago | Code leaks are causing an influx of new ransomware actors
CERT-EU | a year ago | Novel Vietnam-based ransomware operation detailed