Within less than a month, 2 new version of Locky ransomware have been released. YKCOL, locky spelled backwards and ASASIN extension. It came to light in a spam blast to 3 million mail-boxes on 19th September within 3 hours. ASASIN another variant has appeared on 10th October.
The ykcol ransomware follows the same convention as a previous Lukitus version of the Locky, it has multiple Game of Thrones references when it is holds the victim. The ykcol variant tries to lure users to click-open the malicious attachment using subject lines that are like messages from usernames or as invoice notifications.
It encrypts the system files with ‘.ykcol’ or ‘.asasin’ extension and the ransom note version is available for next instructions. Also, the ransomware uses several variations of ransom notes and victims need a Tor browser to access the URL provided in the ransom notes. One interesting thing is, if victims are infected with Ykcol they are infected with Asasin version. Although both are similar but both have their own unique problems.
The good news is, the current spread of the ransomware is broken due to malformed spam campaign. The problem is whoever is distributing the spam emails is not adding the attachments correctly causing the attachments to not be visible to recipient other than as a blob of base64 encoded text. Even if the attachments were working the attachments are 7zip, or .7z, archives which most people wouldn’t know how to open.
The sad part is- locky ransomware still remains un-decryptable on a free basis. The encryption is so strong that it either needs a backup or ransom be paid to gain access. This is the main reason the ransomware strand doesn’t cease and comes back in some variation or other. Until a permanent solution to the problem is found, Locky will keep on surfacing in one form or the other.
Solutions-
There are a couple of things every user/company should take care-
- Take regular backups.
- Do not open attachments from unknown senders.
- Scan attachments before opening them.
- Use internet security an email scanning tools.
- Update and patch existing software including the Operating system.
- Use complicated passwords and never use the same passwords for multiple sites.
Being aware and cautious is the best prevention. Once a victim, nothing can save the system. Therefore, prevention is the best protection against any cyber-attack.
