Diller13 Ransomware Description
The Diller13 ransomware is a piece of malware that is loosely related to the Scarab ransomware family. Diller13 has closer ties to a more immediate predecessor, the Maoloa ransomware.
This particular strain was detected and described by security researcher Amigo-A on Twitter in mid-2019. The ransomware appends the ".diller13" extension to the files it encrypts and puts its ransom note in a file named "how_to_back_files.html". The only thing that is certain about the Diller13 ransomware is that its developers are not native English speakers. Here is the full text of the ransom note:
All your data has been ciphered!
The only way of recovering your files is to buy a unique decryptor.
A decryptor is fully automatical, all your data will be recovered within a few hours after it's installation.
For purchasing a decryptor contact us by email:
diller13 at protonmail dot com
If you get no answer within 24 hours contact us by our alternate emails:
diller13 at cock dot li
We assure full recovery after the payment.
To verify the possibility of the recovery of your files we can decipher 1 file for free.
Attach 1 file to the letter (no more than 25mb). Indicate your personal ID on the letter:
[long hexadecimal chunk]
In reply we will send you an deciphered file and an instruction for purchasing an automatical decryptor for all your files. After the payment we will send you a decryptor and an instructions for protecting your computer from network vulnerabilities.
Only diller13 at protonmail, diller13 at cock dot li can decipher all your files.
Launching of antivirus programs will not help.
Changing ciphered files will result in a loose of data.
Attempts of deciphering by yourself will result in a loose of data.
Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data.
The best way to avoid ransomware infections like Diller13 entirely is to use a fully-featured anti-malware suite that includes anti-ransomware capabilities and can stop the encryption process before it has a chance to ruin your files.
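For triage on a suspected host, the two file-system indicators named in the description above (the ".diller13" extension and the "how_to_back_files.html" note) can be counted per directory without touching any file. The Python script below is an added example, not part of the original description; its function names and sample tree are constructed, and treating the earliest modification time as a timeline hint assumes the ransomware did not preserve original timestamps.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".diller13"            # extension named in the description
NOTE_NAME = "how_to_back_files.html"   # ransom note file name from the description


def triage(root):
    """Walk root read-only and summarise Diller13 artefacts found under it."""
    per_dir = Counter()   # directory -> number of files carrying the extension
    notes = []            # full paths of ransom notes
    earliest = None       # oldest mtime among affected files (assumed timeline hint)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()   # match regardless of case
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue   # unreadable file is still counted, just not timed
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {
        "encrypted_total": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        "notes": sorted(notes),
        "earliest_mtime": earliest,
    }


def demo():
    """Build a constructed sample tree in a temp directory and triage it."""
    names = ("report.docx.diller13", "photo.JPG.DILLER13", "clean.txt", NOTE_NAME)
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in names:
            with open(os.path.join(docs, name), "w") as fh:
                fh.write("constructed sample")
        stamp = 1_560_000_000   # constructed timestamp for the oldest affected file
        os.utime(os.path.join(docs, names[0]), (stamp, stamp))
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

Run `triage()` against a mounted image or a copy of the affected volume rather than the live system, so the file metadata it reads stays intact.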