.Ykcol File Extension Ransomware : New Variant of Locky Ransomware
According to the research report, .ykcol File Extension Ransomware is the latest variant of the most destructive Locky Ransomware virus. It uses a combination of AES-128 and RSA-2048 ciphers in order to encrypt the victim's files and makes them inaccessible by appending a weird file extension identified as '.ykcol'. After encoding the files stored on the victim's machine, it drops two files named 'ykcol.htm' and 'ykol.bmp' onto the system's desktop. The developers of Locky ransomware now selected the new name for the malware by just reversing the name of previously detected file-encoder virus. Moreover, .ykcol File Extension Ransomware is currently propagated through spam email attachments which delivers a compromised file or embedded a link.
Once the targeted computer users clicked on the embedded or open the file attached onto it, then the malicious scripts gets executed and install the malware onto the machine. Although, the above-mentioned file name works as a ransom note which displays right after .ykcol File Extension Ransomware encrypts the file stored onto the compromised PC. The file identified as 'ykol.bmp' will be set as a desktop wallpaper image and the another one 'ykol.htm' opens through the Internet browser and provides a link which leads you to the ransom payment portal that can only be accessible via Tor browser. Hence, to preview the content of the website known as ransom payment page, users need to download the Tor browser onto their computer and then visit '.onion' domain through it.
How Does .ykcol File Extension Ransomware Work?
The payment portal over the Tor network displays a 'Locky Decryptor', which is supposedly a decryption utility offered by the virus developers. While previous version of this malware demands a half a bitcoin as a ransom money, but this time, the cyber extortionists demand 0.25 BTC. However, since then the value of Bitcoin has been increased, the amount of ransom money that .ykcol File Extension Ransomware demands is now equal to 100 USD, based on current exchange rate which is considered as a high price for the file decryption. Cyber security researchers recommend ignoring the hacker's demands and suggest using other available data recovery methods to restore the files encoded by it instead of paying ransom fee to the criminal hackers and boosting their moral. So, you should remove the ransomware from your system immediately and rely on backup copies for data recovery.
Remove .ykcol File Extension Ransomware From Your PC
Step 1: Remove .ykcol File Extension Ransomware in Safe Mode with Command Prompt
- First of all disconnect your PC with network connection.
- Click restart button and keep pressing F8 key regularly while system restart.
- You will see “Windows Advanced Options Menu” on your computer screen.
- Select “Safe Mode with Command Prompt” and press Enter key.
- You must login your computer with Administrator account for full privilege.
- Once the Command Prompt appears then type rstrui.exe and press Enter
- Now follow the prompts on your screen to complete system restore.
Step 2: Remove .ykcol File Extension Ransomware using MSConfig in Safe Mode:
- Power off your computer and restart again.
- While booting press the “F8 key” continuously to open “Windows Advanced Options Menu”.
- Use the arrow keys to select “Safe Mode” option and press Enter key.
- Once system get started go to Start menu. Type “msconfig” in the search box and launch the application.
- Go to the Startup tab and look for files from %AppData% or %Temp% folders using rundll32.exe. See an example below:
- Disable all the malicious entries and save the changes.
- Now restart your computer normally.
Step 3 : Kill Malicious Process Related To .ykcol File Extension Ransomware
- Press Alt+Ctrl+Del buttons together.
- It will open the Task manager on your screen.
- Go to Process Tab and find .ykcol File Extension Ransomware related process.
- Click the End Process Now button to stop the running process.
Step 4 : Remove .ykcol File Extension Ransomware Virus From Registry Entry
- Press “Windows + R” key together to open Run Box.
- Type “regedit” and click OK button.
- Find and remove .ykcol File Extension Ransomware related entries.
Now hopefully you have completely removed the .ykcol File Extension Ransomware virus from your computer. If you are still get ransom message from the threat or unable to access your files, then it means that virus still remain into your computer. In such situation you don’t have any other option except removing this virus using any powerful malware removal tool.
Whereas if you have any backup of your infected or encrypted files, then you can also reinstall your Windows OS. This will erase all your files and data as along with the .ykcol File Extension Ransomware infection. You will get a completely empty computer system with no files. Now you can use your backup to get your files. If you don’t have any backup then using malware removal tool is a better option for you.
If you have any query or question regarding your computer, then you can easily ask your problem to our experts. Go to the Ask Any Question page and get the answer for your query directly from out experts.