The Diamond Ransomware targets the data of its victims and leaves it in an unusable state. As is the case with most ransomware threats, the encryption process used by the threat is strong enough to make the restoration of the impacted files practically impossible without knowing the correct decryption key. All files locked by this malware will have '.diamond' attached to their original names. Finally, the Diamond Ransomware will create a new text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT' on the desktop of the breached devices.
Opening the file will reveal a ransom note delivering the instructions of the attackers. According to the message, victims of the Diamond Ransomware will have to pay a ransom, but the note doesn't reveal its amount. However, it does state that the cybercriminals will accept only payments made in Bitcoin. The hackers warn that after 72 hours, the ransom will be doubled. Victims will supposedly be allowed to send 2 locked files that will be unlocked for free.
The full text of Diamond Ransomware's note is:
'ALL YOUR DATA IS ENCRYPTED MILITARY ENCRYPTION !
Your PERSONAL id
If you want to get a decoder, you need to pay !
We only accept bitcoins !
With your mail firstname.lastname@example.org
we can decrypt 2 files proof of !
send us the id that is written in the ransom letter !
write id which is listed in the ransom note !
The price will be doubled in 72 hours !'