Unfortunately, at this time it is still not possible to decrypt .asasin or .ykcol files encrypted by the Locky Ransomware for free.
Cybercriminals behind the Locky ransomware have revamped the malware’s code three times in 30-day period and blasted out massive spam campaigns. According to researchers at Trustwave, the latest variant of Locky ransomware is called Ykcol (that’s Locky spelled backwards) and was part of a Sept spam blast targeting more than 9 million inboxes within a 6 days. Messages were sent from a notorious Necurs botnet.
Today a new Locky Ransomware variant was released that now uses the .asasin extension for encrypted files.
It is important to note that if you are infected with this ransomware, you are not infected with the Asasin Ransomware, as some sites may call it. You are instead infected by Locky, which is using the .asasin extension. This variant is currently being distributed via spam emails that have a subject line similar to “Document invoice_xxx_return.pdf ” and is being spoofed to appear from legisy companies with the email genuine emails.
There really are not much differences between this variant and the previous ykcol variant. The biggest change is that when this variant encrypts a file it will modify the file name and append the asasin extension. When renaming the file, it uses the format xxx.asasin.
Unfortunately, at this time it is still not possible to decrypt .asasin files encrypted by the Locky Ransomware for free. The only way to recover encrypted files is via a backup. Tier3 can help its customers in protection against such Ransomware threats.
How ever a point to be noted is that since last variant Diablo to Ykcol the cost of ransom dropped from .5 bitcoins to .25 bitcoins or from $2000-$2500 to $1000-$1250.