
Diablo_diablo2@aol.com Ransomware

By GoldSparrow in Ransomware

The 'Diablo_diablo2@aol.com' Ransomware is linked to a number of other variants of the infamous Crysis Ransomware. Crysis was first observed in March of 2016, and the 'Diablo_diablo2@aol.com' Ransomware and other Crysis variants spiked in the summer of 2016. The 'Diablo_diablo2@aol.com' Ransomware belongs to a wave of Crysis variants that seems to include email addresses linked to comics (such as Batman) or, in the case of the 'Diablo_diablo2@aol.com' Ransomware, video games. Some examples of email addresses that have been linked to the latest wave of Crysis variants include:

  • Tactics Fallout
  • legioner_seven
  • donald_dak
  • seven_legion
  • last_centurion
  • Batman_good@aol.com

The 'Diablo_diablo2@aol.com' Ransomware uses a sophisticated attack that can be difficult to recover from. Unfortunately, it is not possible to decrypt files that have been taken hostage by the 'Diablo_diablo2@aol.com' Ransomware. Because of this, the best method for dealing with the 'Diablo_diablo2@aol.com' Ransomware and other Crysis variants is to ensure that all files are properly backed up and that a fully updated security program is installed and operational, so that it can intercept the 'Diablo_diablo2@aol.com' Ransomware and other threats before they are installed.

The Latest Wave of Crysis Variants and the 'Diablo_diablo2@aol.com' Ransomware

There have been several distinct waves of Crysis variants released in the summer of 2016. The first wave, which used email addresses with the @india.com domain, was followed by variants using email addresses with the AOL domain. The following are examples of Crysis variants and their associated email addresses that have been spotted in the summer of 2016:

  • Eco_vector@india.com
  • freetibet@india.com
  • Cyber_baba2@aol.com
  • siddhiup2@india.com
  • gruzinrussian@aol.com
  • ramachandra7@india.com
  • goldman0@india.com
  • centurion_legion@aol.com
  • dalailama2015@protonmail.ch
  • Vegclass@aol.com
  • a_princ@aol.com
  • TREE_OF_LIFE@INDIA.COM
  • redshitline@india.com
  • milarepa.lotos@aol.com
  • Ecovector3@aol.com
  • Eco_vector@aol.com

The 'Diablo_diablo2@aol.com' Ransomware is fairly typical. The 'Diablo_diablo2@aol.com' Ransomware may enter a computer through covert means and then encrypt the victim's files using a strong encryption algorithm (making them inaccessible and taking them hostage) in order to demand the payment of a ransom through anonymous means (hence the term 'ransomware').

What follows are file extensions that have been associated with the 'Diablo_diablo2@aol.com' Ransomware attack (the 'Diablo_diablo2@aol.com' Ransomware will search for the file types listed below and encrypt them using its strong encryption algorithm):

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

The 'Diablo_diablo2@aol.com' Ransomware attack asks for the ransom by dropping text and HTML files on the victim's computer, targeting directories that contained files that were encrypted. The ransom notes alert the victim to the attack and demand that the payment be carried out using Bitcoin and Tor to preserve anonymity. Malware analysts strongly advise computer users against paying the 'Diablo_diablo2@aol.com' Ransomware's ransom, since there is no guarantee that the con artists will deliver the decryption key or help the victim in any way.
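Because the ransom notes are dropped into the directories that held encrypted files, locating them is a quick way to scope the damage before restoring from backup. The following is an added example, not code from the original article: it assumes the notes are `.txt`, `.html` or `.htm` files that contain one of the contact addresses listed on this page, and the function names, size limit and sample files are illustrative.

```python
import os
import re
import tempfile

# Contact addresses copied from this page's lists of Crysis variants.
CONTACT_ADDRESSES = [
    "Diablo_diablo2@aol.com", "Batman_good@aol.com", "Eco_vector@india.com",
    "freetibet@india.com", "Cyber_baba2@aol.com", "centurion_legion@aol.com",
    "dalailama2015@protonmail.ch", "Vegclass@aol.com", "TREE_OF_LIFE@INDIA.COM",
]
NOTE_EXTENSIONS = (".txt", ".html", ".htm")  # assumption: "text and HTML files"
MAX_NOTE_BYTES = 256 * 1024                  # assumption: notes are small
# One case-insensitive pattern; re.escape keeps "." in the addresses literal.
_PATTERN = re.compile(
    "|".join(re.escape(a) for a in CONTACT_ADDRESSES), re.IGNORECASE)

def find_ransom_notes(root):
    """Map each directory under root to the contact addresses in its notes."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(NOTE_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    raw = fh.read()
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            # Dropping NUL bytes lets UTF-16 notes match as well as UTF-8 ones.
            text = raw.replace(b"\x00", b"").decode("utf-8", errors="replace")
            found = {m.lower() for m in _PATTERN.findall(text)}
            if found:
                hits.setdefault(dirpath, set()).update(found)
    return {d: sorted(a) for d, a in hits.items()}

def demo():
    """Scan a constructed directory tree holding one fake UTF-16 note."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        with open(os.path.join(docs, "note.html"), "wb") as fh:
            fh.write("<p>Write to DIABLO_DIABLO2@AOL.COM</p>".encode("utf-16-le"))
        with open(os.path.join(root, "readme.txt"), "w") as fh:
            fh.write("ordinary file, no contact address")
        found = find_ransom_notes(root)
        return {os.path.relpath(d, root): a for d, a in found.items()}
```

Run it read-only against a mounted copy of the affected disk rather than the live system, and extend `CONTACT_ADDRESSES` with the remaining addresses from the lists above as needed.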

1 Comment

Yesterday I was just attacked by ransomware diablo. What should I do now? Please let me know.
