Latest Locky Variant Encrypts with Ykcol Extension – IoCs and OTX

by Vertek Labs
As you can see, our labs team is still seeing Locky is being distributed in a lot of malspam campaigns. This is just a brief variant update. When infected with the ransomware, system files are now encrypted with extension .Ykcol (locky backwards)
OTX updated: https://otx.alienvault.com/pulse/598b06a8104ee74f496a4691/
Example of .Ykcol variant being distributed by Necurs botnet:
Recommended Posts
ProxyNotShell: Zero-Day Vulnerabilities in Microsoft Exchange Server
September 30, 2022

Follina: Microsoft Office Zero Day Vulnerability
June 3, 2022

Log4Shell Vulnerability
December 13, 2021