YAYA Ransomware

What is YAYA Ransomware?

If your Windows operating system has been attacked by YAYA Ransomware, you might be wondering what kind of malware this is, where it came from, and what you should do about it. These are all terrific questions, and you can find answers to them in this report prepared along with the malware experts in our Anti-Spyware-101.com internal lab team. According to the experts, YAYA is ransomware, which is the kind of malware that takes something hostage to demand a ransom; in this case, your personal files. The infection does not remove them or place them in a secret location. Instead, it encrypts files using a unique encryption key, and that should ensure that no one can read them normally. Unfortunately, ransomware infections are very lucrative, and that is why we report new variants nearly every single day. Sadly, you cannot recover files by deleting YAYA Ransomware, but note that this malware must be eliminated as soon as possible.

How does YAYA Ransomware work?

YAYA Ransomware is a new variant of GlobeImposter Ransomware, and malware scanners and removal tools can identify different variants by the same name. However, it is easy to see which variant has corrupted your files by looking at their names. The “.YAYA” extension should be appended to them. There is a free tool named ‘GlobeImposter Decryptor’ that, in theory, should decrypt files for free. In practice, we do not know if it will help everyone. Of course, if you cannot replace files – which is something that you can do if you have backups stored outside the computer – employing this tool might be the only solution available to you. What about the solution introduced by cybercriminals? You must know that trusting them is not a good idea, and so trusting their solutions, promises, and tools should be frowned upon too. A file named “how_to_back_files.html” is dropped by YAYA Ransomware to deliver a message from the attackers, and if you are not willing to put your virtual security and finances at risk, we suggest that you delete this file without opening it first.

The message introduced via the .html file suggests that you need to email the cybercriminals behind YAYA Ransomware at yaya_captain@aol.com and yaya_captain999@india.com if you want to be given the opportunity to pay for a decryptor. How much will you have to pay for this tool? We cannot know for sure because cybercriminals might “assign” different sums to different victims. Of course, we do not advise paying the ransom whether it is $5 or $5,000. In either case, your ransom will be a waste of money. Do you really expect that cybercriminals will send you a decryptor if you fulfill their demands? We doubt it. Even emailing them could be dangerous because you do not want your inbox to be flooded with emails from cybercriminals, do you? In conclusion, we suggest that you ignore the ransom note and keep away from your attackers. Remember that they will say and do anything just to make money.

How to delete YAYA Ransomware

You can automatically remove YAYA Ransomware from your operating system with the help of a genuine anti-malware tool. Remember, it could identify this threat as GlobeImposter, and that is perfectly fine. Another reason to install such a tool is full-time Windows protection. The longer you keep your system unprotected, the greater the chances that you will face malware again, and note that there are plenty of other threats besides ransomware too. If you are not currently interested in securing your system against malware, you will have to delete YAYA Ransomware manually. Use the guide below, and if you face any difficulties, do not hesitate to communicate with us via the comments section below. Our final advice is to keep copies of files outside the computer. As long as backups exist, you will not need to worry about malware corrupting your original files.

Removal Instructions

  1. Delete the ransom note file named how_to_back_files.html. Get rid of all copies.
  2. Simultaneously tap Windows and E keys to open the File Explorer window.
  3. Type %APPDATA% into the field at the top and then tap Enter on the keyboard to access the directory.
  4. If you can identify a malicious {unique name}.exe file, Delete it. The name can be revealed in step 8.
  5. Simultaneously tap Windows and R keys to open the Run dialog box.
  6. Type regedit into the box and then click OK to open the Registry Editor utility.
  7. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  8. Delete the value named CertificatesCheck if its value data points to the malicious {unique name}.exe file.
  9. Exit all utilities and then immediately Empty Recycle Bin.
  10. Install and use a trusted malware scanner to perform a complete system scan.
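
A read-only PowerShell check for the artifacts named in the steps above: the CertificatesCheck value under RunOnce, executables in %APPDATA%, and copies of how_to_back_files.html. This is an added example, not part of the original guide; it deletes nothing, and searching the whole user profile for note copies is an assumption about where they were dropped.

```powershell
# Read-only audit of the artifacts named in the removal steps.
# Nothing is deleted; review the output before removing anything by hand.
$runOnce   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$valueName = 'CertificatesCheck'
$noteName  = 'how_to_back_files.html'
$appData   = $env:APPDATA

# Steps 7-8: is there a CertificatesCheck value, and where does its data point?
$data = $null
if (Test-Path -LiteralPath $runOnce) {
    $data = (Get-ItemProperty -LiteralPath $runOnce -Name $valueName -ErrorAction SilentlyContinue).$valueName
}

if ($data) {
    # Expand %VAR% references, then strip quotes and arguments to get the file path.
    $expanded = [Environment]::ExpandEnvironmentVariables($data)
    $exePath = if ($expanded -match '^\s*"([^"]+)"') { $Matches[1] }
               elseif ($expanded -match '^\s*(.+?\.exe)') { $Matches[1] }
               else { $expanded.Trim() }

    $exists = Test-Path -LiteralPath $exePath
    [pscustomobject]@{
        Finding    = "RunOnce value '$valueName' present"
        ValueData  = $data
        Executable = $exePath
        InAppData  = $exePath.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase)
        FileExists = $exists
    } | Format-List | Out-String

    if ($exists) {
        # SHA-256 of the file, useful for looking it up with a malware scanner.
        Get-FileHash -LiteralPath $exePath -Algorithm SHA256 | Format-List | Out-String
    }
} else {
    "No '$valueName' value found under $runOnce"
}

# Step 4: executables placed directly in %APPDATA%; review each one listed.
Get-ChildItem -LiteralPath $appData -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime | Format-Table -AutoSize | Out-String

# Step 1: every copy of the ransom note under the user profile.
Get-ChildItem -LiteralPath $env:USERPROFILE -Filter $noteName -File -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
```

If the reported executable sits under %APPDATA% and matches the RunOnce value data, that is the {unique name}.exe file referred to in steps 4 and 8.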

