Security researcher Derek Knight discovered a new variant of the Locky ransomware that appends the .ykcol extension to encrypted files.
The new variant is spread through invoice-themed spam e-mails carrying a 7-Zip (.7z) archive as the attachment. The archive contains a VBS script; when the recipient opens it, the script downloads and executes the Locky payload.
Once running, the ransomware scans the computer for files and encrypts them. Each encrypted file is then renamed using the format [first_8_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[4_hexadecimal_chars]-[12_hexadecimal_chars].ykcol, so the original file name is not preserved and only the .ykcol extension is left to identify the files. After encryption, Locky deletes its own executable and displays a ransom note containing a link to a .onion payment portal, where victims are instructed to pay 0.25 Bitcoin (about $995 at the time).
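Because the renaming scheme above is fixed, it can be turned into a quick triage check for a file listing pulled from an affected host or share. The following script is an added example, not code from the article or from Derek Knight; it assumes, as the format implies, that the 16 hex characters before the third dash are a per-victim ID, and it matches hex in either case because the article does not state the case used. The directory listing it runs on is constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Naming scheme described in the article:
#   [8 hex of id]-[4 hex of id]-[4 hex of id]-[4 hex]-[12 hex].ykcol
# Assumption: the first 16 hex characters (8-4-4) are a per-victim ID and the
# remaining 16 are per-file. Hex case is not stated, so match both cases.
YKCOL_RE = re.compile(
    r"^(?P<id>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4})-"
    r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\.ykcol$"
)


def victim_id(filename: str) -> Optional[str]:
    """Return the 16-hex-char ID if filename follows the .ykcol scheme, else None."""
    m = YKCOL_RE.match(filename)
    if not m:
        return None
    return m.group("id").replace("-", "").upper()


def triage(filenames: Iterable[str]) -> Dict[str, List[str]]:
    """Group files that follow the scheme by ID; names that do not match are ignored."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for name in filenames:
        vid = victim_id(name)
        if vid is not None:
            groups[vid].append(name)
    return dict(groups)


# Constructed sample directory listing (not real incident data).
SAMPLE_LISTING = [
    "0123ABCD-4567-89EF-0A1B-2C3D4E5F6071.ykcol",
    "0123ABCD-4567-89EF-FFFF-000000000001.ykcol",
    "budget.xlsx",                                  # untouched file
    "report.docx.ykcol",                            # extension only; not this scheme
    "0123abcd-4567-89ef-0a1b-2c3d4e5f6071.ykcol",  # lowercase hex, same ID
    "ZZZZZZZZ-4567-89EF-0A1B-2C3D4E5F6071.ykcol",  # right shape, not hex
]

if __name__ == "__main__":
    for vid, files in triage(SAMPLE_LISTING).items():
        print(f"ID {vid}: {len(files)} file(s) following the .ykcol scheme")
```

Grouping by ID is the useful part: on a network share, more than one ID in the output means more than one infected host wrote to it, which matters when deciding how many machines to isolate.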
Files encrypted by the .ykcol variant, like those of every earlier Locky variant, still cannot be decrypted for free. You can try to restore your data from the computer's Volume Shadow Copies, but ransomware often destroys shadow copies or encrypts any backups it can reach as well, so do not count on them. To protect yourself from Locky ransomware, follow these instructions:
- Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline
- Maintain updated Antivirus software on all systems
- Don't open attachments in unsolicited e-mails, even if they appear to come from people in your contact list, and never click a URL in an unsolicited e-mail, even if the link looks benign. If the message claims to be from a genuine organization, close it and go to that organization's website directly through the browser.
- Keep the operating system and third-party applications (Microsoft Office, Flash Player, browsers and browser plugins) up to date with the latest patches