Infected with YYTO Ransomware? Need to decrypt your files?

What is YYTO Ransomware

YYTO Ransomware is new crypto-virus, that encrypt sensitive files on users computers using AES-256 cryptography. Latest version of this ransomware adds .colecyrus@mail.com.b007 suffix to the end of encrypted files. Previously following extensions were appended:

read_to_txt_file.yyto, .albertkerr94@mail.com.m5m5, .read_to_txt_file.juuj

After successful encryption YYTO Ransomware places text files with instructions to pay the ransom on the desktop and in folders with affected files. Instruction files filenames are: help_to_decrypt.txt, read_to_txt_file.yyt, help.txt, encrypt.txt or Readme.txt, depending on the version of ransomware in your case. Ransom amount is between $500 and $1500. Malware developers use the following e-mail addresses for contact: cutterswish@torbox3uiot6wchz.onion, isabell@torbox3uiot6wchz.onion, albertkerr94@mail.com or colecyrus@mail.com.

Currently, there are now 100% working decryptor for .yyto, .b007, .juuj and .m5m5 files, but sometimes it is possible to remove this files using instructions and decryptors offered below. Encrypted files normally can be restored from online backups. This tutorial will help you to remove YYTO Ransomware completely and decrypt .yyto, .b007, .juuj and .m5m5 files.

yyto ransomware note

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check following website for possible decryptor: Emsisoft Decryptors.

How YYTO Ransomware infected your PC

YYTO Ransomware usually infects your PC through infected email attachments (be careful, as cyber criminals usually mask their spam malicious emails with attachments into Ebay email or any other popular trusted website), fake software updaters and trojans – that’s why good anti-viruses is vitally important to avoid ransomware threat. You can also get this ransomware on file sharing networks, including torrent files. Ransom is asked to be paid in BitCoins, that also makes the task difficult for the police, as user in this network are often anonymous. Encryption starts in the background. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.

First of all don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer, before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the YYTO Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to YYTO Ransomware – files, folders, registry keys.

 

Download Norton*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Step 2: Remove following files and folders of YYTO Ransomware:

Remove following registry entries:

no information

Remove following files:

2.exe
RS01bz.exe
help_to_decrypt.txt
read_to_txt_file.yyt
help.txt
encrypt.txt
Readme.txt

How to decrypt files infected by YYTO Ransomware (.yyto, .b007, .juuj and .m5m5 files)?

Use automated decryption tools

kaspersky rakhni decryptor for YYTO Ransomware

There is ransomware decryptor from Kaspersky that can decrypt .yyto, .b007, .juuj and .m5m5 files. It is free and may help you restore .yyto, .b007, .juuj and .m5m5 files encrypted by YYTO Ransomware virus. Download it here:

Download Kaspersky RakhniDecryptor

You can also try to use manual methods to restore and decrypt .yyto, .b007, .juuj and .m5m5 files.

Decrypt .yyto, .b007, .juuj and .m5m5 files manually

Restore the system using System Restore

system restore

Although, latest versions of YYTO Ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – YYTO Ransomware by YYTO Ransomware). This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Restore .yyto, .b007, .juuj and .m5m5 files using shadow copies

shadow explorer gui

  1. Download and run Shadow Explorer.
  2. Select the drive and folder where your files are located and date that you want to restore them from.
  3. Right-click on folder you want to restore and select Export.
  4. Once the scanning process is done, click Recover to restore your files.

Protect your computer from ransomware

hitmanpro alert with cryptoguard

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Information provided by: Alexey Abalmasov

Leave a Reply

Your email address will not be published. Required fields are marked *