New Yurei Ransomware Variant Discovered Utilizing PowerShell Automation and ChaCha20 Cipher

A new ransomware group, Yurei, has emerged, targeting victims in Sri Lanka, India, and Nigeria. The ransomware, developed in Go and based on Prince-Ransomware, uses the ChaCha20 cipher for encryption and employs PowerShell automation. While it improves on its predecessor by encrypting files faster and including network drives, it fails to remove Volume Shadow Copies, allowing for potential data restoration.