
Diablo_diablo2@aol.com Ransomware

Posted: August 30, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 49
First Seen: August 30, 2016
OS(es) Affected: Windows


The 'Diablo_diablo2@aol.com' Ransomware is a Trojan generated by a general-purpose kit that specializes in file-encryption campaigns. Besides encrypting your data, the 'Diablo_diablo2@aol.com' Ransomware drops ransom messages onto your PC that urge paying the campaign's threat actors for access to a data-restoring decryptor. Since current evidence suggests that such payments are futile, malware experts advise using anti-malware solutions to uninstall the 'Diablo_diablo2@aol.com' Ransomware and backups to undo its damage.

The Devil's in the Details of Your Files

Usually, the successful operation of ransomware-style Trojan campaigns calls for varying levels of deception that misdirect victims into acting against their own interests, such as paying a ransom to a con artist. A threat actor may claim that their Trojan has notable credentials (such as being a re-release of CryptoLocker), exaggerate the strength of their encryption algorithm, or use fake countdowns with no consequences for hitting zero. The 'Diablo_diablo2@aol.com' Ransomware uses the simplest falsehood of all: pretending to sell the victims a way to recover their data, then ignoring all messages once the payment arrives.

The 'Diablo_diablo2@aol.com' Ransomware is an offshoot of a CrySiS-based threat run by the same individuals who administer the 'Batman_good@aol.com' Ransomware, the 'Legioner_seven@aol.com' Ransomware, and the 'Seven_legion@aol.com' Ransomware. Malware experts do observe this group making targeted attacks that brute-force weak passwords for server accounts, but similar Trojans often use e-mail as the infection vector. The installation route doesn't change the 'Diablo_diablo2@aol.com' Ransomware's payload, which includes the following:

  • The 'Diablo_diablo2@aol.com' Ransomware searches for file formats without significant Windows dependencies (user data rather than files the operating system needs to run) and encrypts them: the file content is encrypted with AES, and the AES key is then itself encrypted with an RSA algorithm, so the key cannot be recovered from the infected PC without the threat actors' RSA private key.
  • Any data affected by the above attack also has its name modified: most obviously, the file name gains the extortionists' e-mail address and the '.xtbl' extension.
  • The 'Diablo_diablo2@aol.com' Ransomware may replace your desktop's background image with one of its own. Typically, this image includes a brief summary of the attack's effects (the encryption of your files).
  • The Trojan also creates one or more text notes ('How to decrypt your files.txt') with detailed instructions on paying a ransom and, supposedly, getting a working decryptor in return.
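To make the payload above concrete, here is an added triage script (not code from this page or from the ransomware's authors) that walks a directory for the indicators just listed: names ending in '.xtbl' that carry an e-mail address, the 'How to decrypt your files.txt' note, and a byte-entropy check that separates files that were really AES-encrypted from files that were merely renamed. The exact position of the address inside a renamed file's name, the 7.0 bits-per-byte entropy floor, and the sample directory it builds are assumptions; the directory is constructed for the demo and is not a real infection.

```python
import math
import os
import re
import tempfile
from collections import Counter

# Name of the ransom note this family drops (from the write-up above).
RANSOM_NOTE = "how to decrypt your files.txt"

# A renamed file carries the extortionists' e-mail address and ends in
# '.xtbl'.  Only those two facts come from the write-up; where the address
# sits inside the name is NOT assumed, so it is located by regex.  The local
# part is matched without dots so that the original file name's own dots
# ('budget.xlsx.') are not swallowed into the address (assumption).
EMAIL_RE = re.compile(r"[\w+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_xtbl_name(name):
    """Return {'stem', 'email'} for a '.xtbl'-suffixed name, else None."""
    if not name.lower().endswith(".xtbl"):
        return None
    inner = name[: -len(".xtbl")]
    m = EMAIL_RE.search(inner)
    return {"stem": inner, "email": m.group(0) if m else None}


def shannon_entropy(data):
    """Bits per byte of `data`; AES output sits near 8.0, plain text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_tree(root, sample_size=4096, entropy_floor=7.0):
    """Walk `root` and summarise indicators of an '.xtbl' encryption run."""
    result = {"encrypted": [], "emails": Counter(),
              "ransom_notes": [], "low_entropy_suspects": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if fname.lower() == RANSOM_NOTE:
                result["ransom_notes"].append(path)
                continue
            parsed = parse_xtbl_name(fname)
            if parsed is None:
                continue
            result["encrypted"].append(path)
            if parsed["email"]:
                result["emails"][parsed["email"]] += 1
            with open(path, "rb") as fh:
                head = fh.read(sample_size)
            # A renamed file whose bytes are still low-entropy was not
            # actually encrypted (interrupted run, decoy): worth a closer look.
            if shannon_entropy(head) < entropy_floor:
                result["low_entropy_suspects"].append(path)
    return result


def build_sample_tree():
    """Create a constructed demo directory (assumed layout, not a real infection)."""
    root = tempfile.mkdtemp(prefix="xtbl_demo_")
    os.makedirs(os.path.join(root, "Documents"))
    # Constructed names: original name, then the address, then '.xtbl'.
    for rel in ("budget.xlsx.Diablo_diablo2@aol.com.xtbl",
                "Documents/thesis.docx.Diablo_diablo2@aol.com.xtbl",
                "Documents/photo.jpg.Diablo_diablo2@aol.com.xtbl"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for AES ciphertext
    renamed = os.path.join(root, "Documents",
                           "renamed_only.txt.Diablo_diablo2@aol.com.xtbl")
    with open(renamed, "w") as fh:
        fh.write("plain text, never encrypted\n" * 50)  # renamed but intact
    with open(os.path.join(root, "How to decrypt your files.txt"), "w") as fh:
        fh.write("constructed stand-in for the ransom note\n")
    with open(os.path.join(root, "README.txt"), "w") as fh:
        fh.write("untouched file\n")
    return root


if __name__ == "__main__":
    r = triage_tree(build_sample_tree())
    print(f"{len(r['encrypted'])} renamed files, addresses: {dict(r['emails'])}")
    print(f"ransom notes: {r['ransom_notes']}")
    print(f"renamed but not encrypted: {r['low_entropy_suspects']}")
```

Run it against a real share by passing that path to triage_tree instead of the demo tree; the e-mail address it reports is the same one the victim would otherwise have to type into a ransom negotiation, and the low-entropy list is where any salvageable files will be.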

The Simplest Trick to Dispel a Demon of a Trojan

Even though the 'Diablo_diablo2@aol.com' Ransomware makes its profits by selling decryption help to its victims, its threat actors take the payment and then ignore any further messages. Malware experts caution against mistaking the key-generating programs this group often provides for a full decryption service. Most ransom negotiations include a link to such a program, but only to mislead victims while they make their payments.

Since the prospects of decrypting the 'Diablo_diablo2@aol.com' Ransomware's damaged files are marginal, PC owners will want to keep extra backups (stored where an infection cannot reach them, since attached backup drives are encrypted along with everything else) that reduce their dependency on breaking the encryption. Checking server accounts for strong passwords, which blunts the brute-force attacks described above, and scanning likely infection channels, such as e-mail content, can close off the routes responsible for this Trojan's installation.
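The brute-force route mentioned above leaves a trail in the server's own logon audit log before any file is encrypted. The following is an added example, not code from this page or from the threat actors: it reads a constructed CSV export of Windows Security events (event ID 4625 is a failed logon and 4624 a successful one; the CSV layout is an assumption about how a SIEM might export them) and flags any source address that piles up failed logons inside a short window, recording whether a successful logon from the same source follows, which is the signature of a weak password being guessed. The sample rows, the five-failures-in-five-minutes threshold and the addresses are constructed for the demo.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"   # Windows Security: an account failed to log on
SUCCESS_LOGON = "4624"  # Windows Security: an account was successfully logged on

# Constructed sample export (assumed SIEM CSV layout, not a real log):
# a burst of guesses against a server from 203.0.113.7 that ends in a
# successful logon, plus a normal user who mistypes once and then logs in.
SAMPLE_LOG = """time,event_id,logon_type,account,source
2016-08-30T02:00:01,4625,10,administrator,203.0.113.7
2016-08-30T02:00:02,4625,10,administrator,203.0.113.7
2016-08-30T02:00:04,4625,10,administrator,203.0.113.7
2016-08-30T02:00:05,4625,10,backup,203.0.113.7
2016-08-30T02:00:07,4625,10,administrator,203.0.113.7
2016-08-30T02:00:09,4625,10,administrator,203.0.113.7
2016-08-30T02:00:11,4624,10,administrator,203.0.113.7
2016-08-30T08:15:00,4625,10,jsmith,192.0.2.44
2016-08-30T08:15:20,4624,10,jsmith,192.0.2.44
2016-08-30T09:00:00,4624,10,jsmith,192.0.2.44
"""


def detect_password_guessing(csv_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source with >= `threshold` failed logons inside
    `window`; 'succeeded_as' names the account if a 4624 from that source
    followed the burst while it was still inside the window."""
    failures = defaultdict(deque)   # source -> timestamps of recent 4625s
    targets = defaultdict(set)      # source -> accounts it failed against
    alerts = {}                     # source -> alert dict (persists once raised)
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.fromisoformat(row["time"])
        src = row["source"]
        q = failures[src]
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if row["event_id"] == FAILED_LOGON:
            q.append(ts)
            targets[src].add(row["account"])
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"source": src, "failures": 0,
                                            "accounts": [], "succeeded_as": None,
                                            "first_seen": q[0].isoformat()})
                a["failures"] = max(a["failures"], len(q))
                a["accounts"] = sorted(targets[src])
        elif row["event_id"] == SUCCESS_LOGON and len(q) >= threshold:
            # A burst of failures followed by success from the same source:
            # the password was most likely guessed, not remembered.
            alerts[src]["succeeded_as"] = row["account"]
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_password_guessing(SAMPLE_LOG):
        print(alert)
```

The window is what keeps an ordinary user's occasional typos out of the alert list; raising the threshold or shortening the window trades sensitivity for fewer false positives, and a source that trips the rule and then succeeds should be treated as a compromised account until proven otherwise.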

Even the vindictiveness of attacking someone else's files pales in comparison to offering a solution and then snatching it out of the target's grasp. Almost always, a responsive anti-malware product is an acceptable remedy for removing the 'Diablo_diablo2@aol.com' Ransomware (removal stops further damage but does not restore the files; that remains the job of backups) and for depriving a particularly duplicitous set of con artists of their anticipated ransoms.
