yurei

1 incident | 1 country | 1 sector | ransomware | MA | Latest: 2026-06-25
Yurei emerged as a ransomware group on September 5, 2025, operating a double-extortion model: it encrypts victim files and exfiltrates sensitive data to demand ransom. The group is assessed with moderate confidence to be of Moroccan origin, based on early malware submissions. Yurei distinguishes itself by using a minimally modified open-source ransomware codebase, Prince-Ransomware, which allows even less-skilled threat actors to conduct operations. A key characteristic is an initial oversight: it failed to delete Volume Shadow Copies, a step ransomware commonly performs. Later reports indicate the use of tools like SDelete for this purpose, alongside the deployment of "Stranger Things"-themed tooling.

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms demanded: N/A
Payments detected: N/A

Affected countries

Nigeria (1)

Target countries (SOCRadar)

Switzerland, India, Sri Lanka, Nigeria, United States

Attacked sectors

Manufacturing (1)

Target sectors (SOCRadar)

Energy & Utilities, Construction, Manufacturing, Wholesale Trade, Transportation & Warehousing, Information Services, Professional & Technical Services, Health Care & Social Assistance, Accommodation & Food Services, Other

New URLs detected in IntelTracker

ransomware.anggipradana.com