Ykcol Ransomware is newest version of previously described Locky ransomware. New variant uses RSA-2048 and AES-128 cryptographic algorithms and appends .ykcol to he end of all encrypted files. Virus also modifies filenames using the following template: [8_random_hexadecimal_characters]-[4_random_hexadecimal_characters]-[4_random_hexadecimal_characters]-[4_hexadecimal_chars]-[12_random_hexadecimal_characters].ykcol. In order to decrypt your files malware demands 0.25 BTC, which is on the date of writing this article is equivalent to $950. Ykcol Ransomware creates two files named ykcol.htm and ykcol.bmp, both contain instructions to pay the ransom and ID.
Hakunamatata Ransomware is new version of NMoreira Ransomware (NMoreira 2.0). Virus encrypts user files with RSA-2048 and AES-256 encryption algorithms and adds .hakunamatata suffix to affected files. After finishing infection process Hakunamatata creates file “Recovers files yako.html” on the desktop. Hackers offer users to contact them using Bitmessage system and pay the ransom. Amount of ransom is currently unknown, but likely it is somewhere between $300 and $1500. Decryption key is generated during encryption, and currently unknown. Therefore, there is no way to decrypt or restore files unless users has backup.
Spora Ransomware is advanced virus, that encrypts different types of files on Windows machines with RSA cryptography. Possibly, originates in Russia. Spora disables Windows Startup Repair, removes Shadow Volume copies, and modifies BootStatusPolicy, which makes it difficult to restore files using standard methods. In addition, private decryption key is also encrypted with AES cryptography, and currently the only way to return your files is restoring from backup (if you have it). Some of the features of Spora Ransomware are: it can work without internet connection, it doesn’t modify file names or file extensions. Ransom must be paid in BitCoins and estimates between $79 and $280, depending on the options user chooses.
Osiris Ransomware is newest variant of Locky ransomware. According to its name, new virus adds .osiris suffix to encrypted files and modifies filenames so they look like that: [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].osiris. Osiris encrypts files with RSA-2048 and AES-128 algorithms that currently cannot be decrypted. Ransom is near 2.5 BitCoins (~$1880) and there is no earthly use to pay it. Osiris ransomware alters desktop background with typical image with text instructions. User can only make payment to anonymous Bitcoin wallets, so that police cannot keep track on malefactors.
.zzzzz Ransomware is another variant of Locky ransomware, that adds .zzzzz extension to encrypted files. Virus encodes user files with asymmetric encryption algorithm and modifies filenames with 32-digit alphanumeric code. This makes it difficult to discern where certain files are and complicates decryption. After completing encryption ransomware creates 3 files (-INSTRUCTION.html, _6-INSTRUCTION.html, and -INSTRUCTION.bmp) and replaces desktop background image. In this files virus contains texts to persuade users to pay the ransom. Ransom is actually quite big – 3 BitCoins or ~$2200.