When Locky changes its extension
Published on: 20 09 2017 | Modified on: 22 08 2018
Locky, the crypto-ransomware is making headlines again. After its recent ‘.lukitus’ extension, it appears that the virus has added a new string to its bow since it became ‘.ykcol’, a few weeks ago. This new extension, which is a backwards version of its original name, brings no changes to the how the virus works.
The new Locky design, following a brief facelift over the summer, was identified during analysis by our Breach Fighter tool. Our analysts noticed the extension change while analyzing and blocking spam campaigns.
— coldshell (@coldshell) 18 septembre 2017
To learn more about this new wave of cyber attacks, see the Zdnet article (in English).