Yoshikada Ransomware

Researchers working at pcthreat.com discovered a new crypto-threat. It was named Yoshikada Ransomware. Despite the fact that it is a newly-discovered infection, it does not differ much from older threats analyzed by our researchers. Yes, it drops another ransom note on victims’ computers, and uses another extension to mark files, but it, just like many similar threats, locks users’ personal files mercilessly immediately after it infiltrates their computers. The majority of ransomware infections encrypt files on compromised machines or lock users’ Desktops so that it would be easier for cyber criminals behind them to get money from users. Yoshikada Ransomware is no exception. It has been developed for the sole purpose of extracting money from users too. It is the reason it locks users’ personal files without mercy too. You will be told that the only way to unlock files is to transfer a ransom to crooks. To tell you the truth, this might be true, but it does not mean that you should immediately contact crooks and send money to them. Our specialists are strictly against paying ransoms to cyber criminals because they know many cases when users still cannot unlock their files after sending money to crooks. On top of that, they are well aware of the fact that malicious software developers will continue doing their job, i.e. developing new malicious applications if all users send them money.

Yoshikada Ransomware is a nasty infection, specialists say. Once it infiltrates users’ computers, it locks pictures, documents, and a bunch of other files on users’ computers without their knowledge. Users only find out about that when they notice that a bunch of files can no longer be opened. Encrypted files can also be easily recognized by simply looking at them. If the file contains .crypted_yoshikada@cock_lu at the end, for example, mypicture.jpg.crypted_yoshikada@cock_lu, there is no doubt that it has been locked by Yoshikada Ransomware. You will also find a new file how_to_back_files.html in every folder containing encrypted files if you one day encounter Yoshikada Ransomware. This .html file is a ransom note but, surprisingly, it does not contain a single word about a ransom users have to pay to get their files decrypted. It only explains users why they can no longer open their files and tells them that they need to have the special program called YOSHIKADA DECRYPTOR to be able to unlock them. Only cyber crooks behind this ransomware infection have it, but we are sure they are not going to give it to you for free. Therefore, we see no reasons why you should write an email to yoshikada@cock.lu. Yes, purchasing special software from them might be the only way to unlock files because a strong cipher was used to lock them, but there are no guarantees that you will get the decryptor and could unlock your data, so if we were you, we would not spend a cent on it.

There is a reason you have discovered Yoshikada Ransomware on your computer. The chances are high that you have opened a malicious attachment and thus allowed it to enter your system, but, of course, it might be another reason why you have found it active on your computer. For example, you could have downloaded this malicious application from some kind of P2P website. Without a doubt, users find out about ransomware entrance only when they discover their personal files encrypted. Ransomware infections are sneaky threats, so you might not be able to prevent them all from entering your system alone. This is the reason you should install a trustworthy antimalware tool on your computer. It cannot be the first security application found on the web because there are hundreds of malicious applications pretending to be reputable antimalware scanners.

You need to erase Yoshikada Ransomware no matter you are going to pay money to crooks or not because this infection might be launched again in the future and lock all your new files. To delete this infection from your system manually, you do not need to be an expert in malware removal because you could use our manual removal instructions provided below. Of course, the manual removal of this infection will take some time, so if you do not have several free minutes, you should clean your system using an antimalware scanner. Unfortunately, this tool could not decrypt any files for you.

Yoshikada Ransomware removal guide

1. Open Explorer (tap Win+E).
2. Type C:\Users\user\AppData\Roaming in the address bar and press Enter.
3. Locate the malicious executable file (its name will be the same as the malicious file launched).
4. Delete it.
5. Press Win+R.
6. Type regedit and click OK.
7. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
8. Locate the BrowserUpdateCheck Value and select it.
9. Click Delete.
10. Remove how_to_back_files.html from all affected folders.
11. Delete all suspicious recently downloaded files.
12. Empty Trash.