Locky Diablo6 Ransomware

Locky Diablo6 Ransomware Description

Type: Ransomware

The Locky Diablo6 Ransomware is an encryption ransomware Trojan released in August 2017. Knowing whether the Locky Diablo6 Ransomware encrypted your files is quite simple because the Locky Diablo6 Ransomware renames all the files it encrypts following a characteristic-naming scheme. If your documents have been encrypted and renamed to match the following pattern, then it is certain that the Locky Diablo6 Ransomware is the culprit:

[8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].Diablo6

Ransomware Trojans like the Locky Diablo6 Ransomware use a well-known attack method, which involves using strong encryption algorithms (in this case a combination of the AES 256 and RSA 2048 encryptions) to make the victim's files inaccessible. Then, they demand the payment of a ransom from the victim. In the case of the Locky Diablo6 Ransomware, the ransom is of 0.15 Bitcoin, approximately 300 USD at the current exchange rate. The Locky Diablo6 Ransomware will deliver its ransom note in three files:

  1. Diablo6.html
  2. Diablo6_[4_digit_number].html
  3. Diablo6.bmp

A Superficial Look at the Locky Diablo6 Ransomware Infection

The Locky Diablo6 Ransomware will target all versions of Windows. The Locky Diablo6 Ransomware uses a strong combination of encryption algorithms to make the victim's files unusable. In its attack, the Locky Diablo6 Ransomware will target the following file types:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

The Locky Diablo6 Ransomware demands the payment of a ransom by delivering a ransom note to the victim after encrypting the victim's files. The Locky Diablo6 Ransomware ransom note contains the following text:

'IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
hxxps://en.wikipedia.org/wiki/RSA_(cryptosystem)
hxxps://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
[edited]
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxps://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: [edited]
4. Follow the instructions on the site.
!!! Your personal identification ID: [edited]'

Dealing with the Locky Diablo6 Ransomware

The Locky Diablo6 Ransomware poses a significant threat to the victim's data since it is not viable to recover the files affected by this attack. Because of this, the best protection against the Locky Diablo6 Ransomware (and most other encryption ransomware Trojans) is to have an effective file backup method. Having file backups on an external memory device, an unmapped hard drive, or the cloud means that the victims of the Locky Diablo6 Ransomware attack can recover their files by restoring the affected files from the backup copy, removing any leverage the people responsible for the Locky Diablo6 Ransomware hold over the victim effectively. Secure file backups, coupled with strong security software, is the best protection against the Locky Diablo6 Ransomware and other encryption ransomware Trojans.

Technical Information

File System Details

Locky Diablo6 Ransomware creates the following file(s):
# File Name MD5 Detection Count
1 diablo6.htm fc2d696b5729d08fd14070919edc751e 0

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.