News Security

eScan discovers Locky ransomware’s alter ego ‘Ykcol’

A new variant of Locky Ransomware has been discovered and has been spreading through a Spam Campaign with the Subject Line “Status of Invoice”. Moreover, the attachments are compressed using 7z, rather than using the .zip extension, which can easily be uncompressed by normal users.

Ykcol also tries to delete the Shadow Volume Copy so as to refrain the user from recovering the encrypted files. However, there would be instances when deletion of Shadow Volume files fails and victims would be lucky enough to recover from this attack.

MS Windows natively provides the users with the ability to extract files from .zip archives, while the users have to install 7z in order to extract from 7z archives. Due to this it seems the impact from this particular campaign of Locky would not have a major impact.

Unfortunately, as of this time, it is not possible to decrypt .ykcol for free.

Prevention Measures:

  • Administrators should block all executable files from being transmitted via emails.
  • Administrators should isolate the affected system in the Network.
  • Administrator can restore the encrypted files from the backup or from system restore point (if enabled) for affected systems.
  • Install and Configure eScan with all security modules active.
  • eScan Real Time Monitoring
  • eScan Proactive protection
  • eScan Firewall IDS/IPS Intrusion prevention
  • Users shouldn’t enable macros in documents.
  • Organizations should deploy and maintain a backup solution.
  • Most important, Organizations should implement MailScan at the Gateway Level for mail servers, to contain the spread of suspicious attachments.

Related posts

eScan Cyber Security Software Solutions Announces Strategic Partnership with TD SYNNEX to Enhance Cybersecurity Distribution

enterpriseitworld

Publicis Sapient to Create a BU for Google Cloud AI

enterpriseitworld

Skylark Opens OT Cybersecurity COE with Fortinet

enterpriseitworld
x