Diablo6 Ransomware Emerges to Spread Worldwide as New Variant of Locky

Posted: August 22, 2017

In 2017, ransomware has been the predominant threat troubling users. The ransomware we're going to talk about today was discovered very recently and is called Diablo6 Ransomware. It isn't an entirely new threat that we know nothing about, though: it is a new variant of the notorious Locky Ransomware. Locky Ransomware first appeared in the first months of 2016 and quickly spread worldwide, becoming one of the most successful ransomware threats ever. Each new version naturally brings some alterations.

Propagation of Diablo6 Ransomware

The Diablo6 Ransomware attack is not concentrated within a single country or region. Instead, it's being spread all around the world regardless of location. Diablo6 Ransomware isn't very picky about whom it attacks either. This threat doesn't discriminate – whether it's a company, an institution or a regular user, they're all on Diablo6 Ransomware's radar.

Diablo6 Ransomware's propagation method is the good old mass email spam campaign. The emails carry a malicious file disguised as a document, and they attempt to trick the user into opening it by stating that it's an invoice or information about a pending delivery. The malicious document is macro-laced, which means that, if opened, it will release the malware payload onto the victim's system.

Encrypting Your Files

If there is no reliable anti-malware software on the system, Diablo6 Ransomware will continue its mission uninterrupted. The ransomware performs the usual scan to find the files it's meant to encrypt. Diablo6 Ransomware targets a very wide range of file types, including popular ones with extensions such as .docx, .zip, .gif, .pdf, .jpg, .ppt, .png, etc. Furthermore, just to make sure it really ruins your day, Diablo6 Ransomware also alters the names of the files so you can't tell exactly which of your files have been locked. This is usually done to further confuse the victim and prevent them from assessing the importance of the files that have been encrypted. Instead of the name the user had given the file, after encryption its name looks like a long string of nonsense. This soup of letters and numbers, as it appears at first glance, actually follows a certain pattern, namely [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].Diablo6. Diablo6 Ransomware employs a very secure combination of the AES and RSA encryption algorithms. This makes the files impossible to decrypt unless you have the two decryption keys required. Unfortunately, these keys are kept on a remote server to which only Diablo6 Ransomware's authors have access.

The Ransom Note

After encrypting the targeted files, Diablo6 Ransomware proceeds to drop a ransom note, in the form of two files, on the victim's desktop – diablo6.htm and diablo6.bmp. The latter file is also set as the victim's wallpaper. The sum demanded in exchange for the decryption keys is 0.5 Bitcoin, which is around $2000. You are instructed to visit Diablo6 Ransomware's website to find out more on how to make a payment.

Malware researchers have yet to develop a free decryption tool, and the only hope for unlocking your files without paying the ransom would be if the cyber criminals behind Diablo6 Ransomware, by some twist of fate, decided to release the keys for free. However, it's crucial to mention that paying the ransom does not in any way guarantee that you will get the promised decryption keys, as the criminals often just take the victim's cash and vanish like smoke. It's not a huge surprise that promises made by cyber criminals are not to be trusted. Thus, prevention is the best option you have. Make sure you don't end up in this, to put it mildly, unpleasant situation. Install a legitimate and secure anti-malware suite and keep all your software up to date.
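For responders who need to gauge how far an infection has reached, the file-name indicators given above (the 8-4-4-8-12 rename pattern ending in .Diablo6, and the diablo6.htm / diablo6.bmp note files) can be turned into a read-only triage scan. The following is an added example, not code from any vendor tool; it assumes the "random characters" are ASCII letters and digits, and the function names are illustrative.

```python
import os
import re
import sys
from collections import Counter

# Rename pattern from the article: 8-4-4-8-12 characters, then ".Diablo6".
# Assumption: the "random characters" are ASCII letters and digits.
_C = "[0-9A-Za-z]"
RENAMED = re.compile(
    rf"^{_C}{{8}}-{_C}{{4}}-{_C}{{4}}-{_C}{{8}}-{_C}{{12}}\.diablo6$",
    re.IGNORECASE,
)
# Ransom note file names given in the article.
NOTE_NAMES = {"diablo6.htm", "diablo6.bmp"}


def classify(name):
    """Return 'encrypted', 'ransom_note' or 'other' for a bare file name."""
    if name.lower() in NOTE_NAMES:
        return "ransom_note"
    if RENAMED.match(name):
        return "encrypted"
    return "other"


def triage(root):
    """Walk root by name only (no file is opened) and summarise the indicators."""
    encrypted, notes, per_dir = [], [], Counter()
    # os.walk skips unreadable directories instead of raising.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind == "encrypted":
                encrypted.append(os.path.join(dirpath, name))
                per_dir[dirpath] += 1
            elif kind == "ransom_note":
                notes.append(os.path.join(dirpath, name))
    return {
        "encrypted": sorted(encrypted),
        "ransom_note": sorted(notes),
        "worst_dirs": per_dir.most_common(5),  # where most renamed files sit
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"renamed files: {len(report['encrypted'])}")
    print(f"ransom notes:  {len(report['ransom_note'])}")
    for directory, count in report["worst_dirs"]:
        print(f"{count:6d}  {directory}")
```

Because the scan matches on names alone, a hit on the rename pattern with no note file nearby (or the reverse) should be checked by hand before it is counted as part of the incident.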
