Yurei
Yurei is a ransomware group first observed in September 2025 whose payload is a minimally modified fork of the open-source Prince-Ransomware, using ChaCha20 encryption and propagating across SMB shares, primarily targeting food manufacturing, transportation, and IT sectors in Sri Lanka and Nigeria.
Victims
3
First Discovered
2025-09-05
victim
Last Discovered
2025-09-09
victim
Inactive Since
246
days
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
3
hit
Attack Velocity — Last 12 months
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Yurei Blog | No | 2026-04-28T07:23:48 |
fewcriet5rhoy66k6c4cyvb2pqrblxtx4mekj3s5l4jjt4t4kn4vheyd.onion
|
Target
Top 5 Activity Sectors
- Energy 1
- Consumer Services 1
- Agriculture and Food Production 1
Top 5 Countries
-
Switzerland
1
-
Nigeria
1
-
Sri Lanka
1
Heatmap
Tools Used
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
Everything.exe
SoftPerfect NetScan
|
AnyDesk
|
|
|
Invoke-TheHash
NetExec
Rubeus
WinPEAS
|
|
PsExec
SDelete
|
|
YARA Rules (1)
Victims (3)
Noble Corporation is a leading industrial insulation and materials supply company based in India, re…
The Promise Nigeria Ltd is a leading brand in Nigeria’s fast-food and catering industry, renowned fo…
Midcity Marketing (Pvt) Ltd, Sri Lanka is a dominant force in the import, distribution, and marketin…