Locky Diablo6 Ransomware
The Locky Diablo6 Ransomware is an encryption ransomware Trojan released in August 2017. Knowing whether the Locky Diablo6 Ransomware encrypted your files is quite simple because the Locky Diablo6 Ransomware renames all the files it encrypts following a characteristic-naming scheme. If your documents have been encrypted and renamed to match the following pattern, then it is certain that the Locky Diablo6 Ransomware is the culprit:
[8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].Diablo6
Ransomware Trojans like the Locky Diablo6 Ransomware use a well-known attack method, which involves using strong encryption algorithms (in this case a combination of the AES 256 and RSA 2048 encryptions) to make the victim's files inaccessible. Then, they demand the payment of a ransom from the victim. In the case of the Locky Diablo6 Ransomware, the ransom is of 0.15 Bitcoin, approximately 300 USD at the current exchange rate. The Locky Diablo6 Ransomware will deliver its ransom note in three files:
- Diablo6.html
- Diablo6_[4_digit_number].html
- Diablo6.bmp
Table of Contents
A Superficial Look at the Locky Diablo6 Ransomware Infection
The Locky Diablo6 Ransomware will target all versions of Windows. The Locky Diablo6 Ransomware uses a strong combination of encryption algorithms to make the victim's files unusable. In its attack, the Locky Diablo6 Ransomware will target the following file types:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.
The Locky Diablo6 Ransomware demands the payment of a ransom by delivering a ransom note to the victim after encrypting the victim's files. The Locky Diablo6 Ransomware ransom note contains the following text:
'IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
hxxps://en.wikipedia.org/wiki/RSA_(cryptosystem)
hxxps://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
[edited]
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxps://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: [edited]
4. Follow the instructions on the site.
!!! Your personal identification ID: [edited]'
Dealing with the Locky Diablo6 Ransomware
The Locky Diablo6 Ransomware poses a significant threat to the victim's data since it is not viable to recover the files affected by this attack. Because of this, the best protection against the Locky Diablo6 Ransomware (and most other encryption ransomware Trojans) is to have an effective file backup method. Having file backups on an external memory device, an unmapped hard drive, or the cloud means that the victims of the Locky Diablo6 Ransomware attack can recover their files by restoring the affected files from the backup copy, removing any leverage the people responsible for the Locky Diablo6 Ransomware hold over the victim effectively. Secure file backups, coupled with strong security software, is the best protection against the Locky Diablo6 Ransomware and other encryption ransomware Trojans.
SpyHunter Detects & Remove Locky Diablo6 Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | diablo6.htm | fc2d696b5729d08fd14070919edc751e | 0 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.