CyberSum logo
Back

Yurei Ransomware Emerges: Double-Extortion Model Threatens Corporations

Cyber Security News by CyberSum.net
2 sources
Security researchers at AhnLab have identified Yurei, a new ransomware group operating since September 2025. Yurei uses a double-extortion model, encrypting data and demanding ransom for stolen information. Unlike many modern ransomware groups, Yurei operates independently without relying on Ransomware-as-a-Service (RaaS) ecosystems. The malware, written in Go, performs encryption with minimal preparation and uses a dual-layer cryptographic model. Yurei’s attacks have impacted organizations in various industries, including transportation, IT software, marketing, and food and beverage. The ransom note threatens to leak or sell stolen data if victims fail to respond within five days.

Also Read

Contagious Interview Campaign Uses JSON Services for Malware Delivery

Threat actors behind the Contagious Interview campaign are using JSON storage services to host and deliver malware. The campaign targets software developers through professional networking sites, instructing them to download trojanized code projects. These projects contain Base64-encoded values that lead to obfuscated JavaScript malware, BeaverTail, which harvests sensitive data and drops a Python backdoor called InvisibleFerret. The campaign's sophistication and use of legitimate services highlight the actors' stealthy tactics.

By Cyber Security News by CyberSum.net