When Locky changes its extension

Locky, the crypto-ransomware is making headlines again. After its recent ‘.lukitus’ extension, it appears that the virus has added a new string to its bow since it became ‘.ykcol’, a few weeks ago. This new extension, which is a backwards version of its original name, brings no changes to the how the virus works.

The new Locky design, following a brief facelift over the summer, was identified during analysis by our Breach Fighter tool. Our analysts noticed the extension change while analyzing and blocking spam campaigns.

To learn more about this new wave of cyber attacks, see the Zdnet article (in English).

Share on