.YKCOL File

A YKCOL file is a file encrypted by the Locky Virus, a trojan horse utilized by cybercriminals. It contains a user's file, such as a .PDF or .WMV file, encrypted with the Locky Virus. YKCOL files became prevalent in 2017 and are similar to .LOCKY files.

The Locky virus is highly dangerous malware. It is commonly referred to as ransomware, where the purpose of the virus is to take your files hostage and force you to pay the perpetrator (typically by way of bitcoin) to unlock your files.

The virus is commonly introduced through spam emails titled "Status of invoice" with a .7Z attachment, which is a .VBS file compressed with 7-Zip compression. If you download the 7Z file and decompress it, the VBS file is run and the virus begins scrambling your files, renaming them with the ".ykcol" extension, and encrypting them. The virus then generates a .BMP (ykcol.bmp) or .HTM (ykcol.htm) ransom note informing you of the takeover and what you need to do to recover your files.

Unfortunately, there is no program currently available to effectively restore your files. If you backup your files you can execute a full system restore. Otherwise, the only known way to decrypt your infected files is to pay the perpetrator for the private key and decrypt program.

NOTE: YKCOL is LOCKY backwards.