It doesn’t take a genius to be a cybercriminal – and open source ransomware is making it easier than ever
By Ellen Jennings-Trace
Copyright TechRadar
15 September 2025
Taking your money just got easier
Check Point has observed ransomware being re-used
Yurei ransomware has targeted a Sri Lankan food manufacturing firm
Open-source ransomware lowers the barrier for criminals
A new study by Check Point Research has revealed that cybercriminals are sharing their tactics by using open-source ransomware models, which is ‘enabling even less-skilled threat actors to launch ransomware operations.’
By observing one particular cyberattack, which targeted a Sri Lankan food manufacturing firm, the researchers were able to identify that the new ransomware group, Yurei, made only very slight modifications to an existing tool in the Prince-Ransomware strain.
The attack is a ‘double ransomware’ model, in which the victim’s files are encrypted and sensitive data is exfiltrated, followed by a ransom demand both to decrypt the information and to refrain from posting the data on dark web sites or selling it to the highest bidder.
Yurei ransomware
The ransomware group, named Yurei after a Japanese ghost tale, has utilized an existing open-source ransomware project. Open-source projects enable lower-skilled threat actors to enter the ransomware space with ease.
But by re-using Prince-Ransomware’s code base, Yurei inherited all of the same flaws, the research says, including ‘the failure to remove Volume Shadow Copies’; this ‘oversight enables partial recovery in environments where VSS is enabled.’
“While open-source malware is a threat, it also gives defenders opportunities to detect and mitigate these variations. However, Yurei succeeded in running their operation on several victims, which shows that even low-effort operations can still lead to success,” the study concludes.
The barriers are lowered both in terms of skill and effort, which is only compounded by the huge increase in the use of AI. Only 20% of ransomware is not powered by AI – and it’s used in CAPTCHA bypass, password cracking, code generation, and even to build sophisticated social engineering attacks.