Yashma Ransomware

Malware updated 23 days ago (2024-11-29T13:39:23.434Z)
Download STIX
Preview STIX
Yashma ransomware is a malicious software that was first observed in May 2022 as a rebranded version of the Chaos ransomware builder V5, which leaked in April 2022. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Cybersecurity researchers have noted an uptick in new strains originating from the Yashma ransomware builder, with earlier versions establishing persistence in the Run registry key and by dropping a Windows shortcut file pointing to the ransomware executable path in the startup folder. A new threat actor, seemingly of Vietnamese origin, has been identified using a custom variant of the Yashma ransomware. This group has been active since at least June 4, 2023, targeting victims in English-speaking countries, Bulgaria, China, and Vietnam. The operation demonstrates similarities to the infamous WannaCry ransomware, indicating a potential evolution in the malware's capabilities. The gang uses a Yashma ransomware variant that downloads a ransom note from an account named “nguyenvietphat” on Github, successfully evading some endpoint detection and antivirus software. Despite the release of a decryptor that addressed earlier versions of the Yashma ransomware, the threat persists due to the emergence of this new variant. The ongoing attack mimics characteristics of WannaCry, suggesting a deliberate strategy to target multiple geographic areas. This development underscores the need for continued vigilance against evolving cyber threats, especially as these actors demonstrate increasing sophistication in their methods.
Description last updated: 2024-05-04T16:40:03.740Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The WannaCry Malware is associated with Yashma Ransomware. WannaCry is a notorious malware that gained global attention in 2017 when it was responsible for the biggest ransomware attack to date. The malware, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites. Once inside a system, WannaCry can Unspecified
2
Source Document References
Information about the Yashma Ransomware Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more