VERY IMPORTANT

Yurei, a newly emerged ransomware group, targeted a Sri Lankan food manufacturing company on September 5, 2025. The group employs a double-extortion model, encrypting files and exfiltrating sensitive data. Check Point Research discovered that Yurei's ransomware is based on the open-source Prince-Ransomware, with minor modifications. The ransomware, written in Go, contains a flaw allowing partial recovery through Shadow Copies. Since its first victim, Yurei has quickly expanded to three victims across Sri Lanka, India, and Nigeria. The investigation suggests the threat actor may originate from Morocco. Yurei's operation demonstrates how open-source malware lowers the entry barrier for cybercriminals, enabling less-skilled actors to launch ransomware attacks.