Locky, the crypto-ransomware, is making headlines again. After its recent ‘.lukitus’ extension, the virus has added a new string to its bow: a few weeks ago it switched to ‘.ykcol’. This new extension, which is its original name spelled backwards, brings no changes to how the virus works.
The new Locky design, following a brief facelift over the summer, was identified during analysis by our Breach Fighter tool. Our analysts noticed the extension change while analyzing and blocking spam campaigns.
#Locky (new extension: .ykcol) payload delivery domains (VBS 18/09/2017) https://t.co/jktqdHM0d2 https://t.co/C5pHyx7ViZ @Racco42 @h3x2b pic.twitter.com/AAuCJcgrSM
— coldshell (@coldshell) September 18, 2017
To learn more about this new wave of cyber attacks, see the ZDNet article (in English).