How to remove Ykcol Ransomware and decrypt .ykcol files

October 23, 2017 Tim Kas 0

Ykcol is new ransomware virus from Locky ransomware family. It uses RSA-2048 and AES-128 cryptography to encrypt user data. After encryption ransomware appends .ykcol extension to all affected files and modifies filenames using certain pattern. Malware changes filenames to random combination of 36 letters with the following sequence: [8_random_letters]-[4_random_letters]-[4_random_letters]-[8_random_letters]-[12_random_letters].ykcol. Malefactors offer users to decrypt their files for 0.15 BTC (Bitcoins) or ~290$. As a rule, no decryption key is sent after the payment. Malware also creates 3 files: Ykcol.html, Ykcol_[4_digit_number].html, and Ykcol.bmp.

How to remove WannaCry ransomware and decrypt .WNCRY files

May 16, 2017 Tim Kas 0

WannaCry Ransomware new dangerous encrypting virus, that targets sensitive user files like documents, photos, videos, music and infected more then 250000 machines worldwide. Unfortunately, currently there are no way to restore your files, but there is no point to pay the ransom either, as malefactors never send the key. Threat developers earned more the $50000 in a few days since several hundreds of users paid the demanded amount. There is no information whether they received decryption service or not.

How to remove Spora ransomware and decrypt your files

March 3, 2017 Tim Kas 1

Spora Ransomware is file encryption virus possibly originating in Russia. It encrypts user files, documents, photos, videos using RSA encryption. Spora does not rename encrypted files. During the process virus generates private key, that, in turn, encrypted with AES encryption. Spora Ransomware is complex infection and certain efforts needed to break it encryption. Currently antivirus companies are unable to find decryption key, and the only way to restore files infected by Spora is backup.