A new variant of Locky ransomware has been discovered and has been spreading through a spam campaign with the subject line "Status of Invoice".
Moreover, the attachments are compressed using 7z rather than the .zip format, which normal users can easily uncompress.
Ykcol also tries to delete the Shadow Volume Copies to prevent the user from recovering the encrypted files. However, there would be instances where the deletion of the Shadow Volume files fails, and victims would be lucky enough to recover from this attack.
MS Windows natively lets users extract files from .zip archives, whereas users have to install 7z in order to extract files from 7z archives. Because of this, it seems that this particular Locky campaign would not have a major impact.
Extension: .ykcol (reverse of the word Locky)
Filename Format: [first_8_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[4_hexadecimal_chars]-[12_hexadecimal_chars]
Unfortunately, at this time it is not possible to decrypt .ykcol files for free.
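The extension and filename format listed above can be turned into a triage check over a file listing. The following is an added example, not code from the original advisory; it assumes the .ykcol extension directly follows the formatted name and that hexadecimal digits may appear in either case, and its sample paths are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Pattern built from the page's description: 8-4-4-4-12 hexadecimal groups.
# Assumptions: the ".ykcol" extension directly follows the name, and hex
# digits may appear in either case.
YKCOL_NAME = re.compile(
    r"^(?P<id>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4})"
    r"-[0-9a-f]{4}-[0-9a-f]{12}\.ykcol$",
    re.IGNORECASE,
)


def classify(path):
    """Return the 16-hex-digit ID prefix if the file name matches, else None."""
    name = PureWindowsPath(path).name
    m = YKCOL_NAME.match(name)
    return m.group("id").replace("-", "").upper() if m else None


def summarize(paths):
    """Group matching paths by ID prefix and count hits per directory."""
    by_id = defaultdict(list)
    dirs = defaultdict(int)
    for p in paths:
        victim_id = classify(p)
        if victim_id is None:
            continue
        by_id[victim_id].append(p)
        dirs[str(PureWindowsPath(p).parent)] += 1
    return dict(by_id), dict(dirs)


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-0718-9A0B-1C2D3E4F5A6B.ykcol",
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-0718-00FF-AABBCCDDEEFF.ykcol",
    r"C:\Users\alice\Pictures\a1b2c3d4-e5f6-0718-1234-0123456789ab.ykcol",
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\Documents\notes.ykcol",  # extension only, name differs
]

if __name__ == "__main__":
    ids, dirs = summarize(SAMPLE)
    for victim_id, files in ids.items():
        print(f"ID prefix {victim_id}: {len(files)} renamed file(s)")
    for d, n in sorted(dirs.items()):
        print(f"  {d}: {n}")
```

Files that carry the extension but not the name format, such as `notes.ykcol` in the sample, are deliberately not counted, which keeps the per-directory totals limited to files renamed in the described format.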
Prevention Measures: