Diablo6 is a file extension that no software can open, and it is not meant to be opened. The extension is the hallmark of a revival of the notorious Locky encryption-for-ransom Trojan.
The Locky ransom Trojan has been around for a long time. Although it was once a major, even the No. 1, malware strain, it has been out of the big game long enough to suspect it was gone for good.
On August 9, 2017, IT security researchers registered a major surge in Locky distribution, the first in a long time. The campaign spreading the virus is unfolding on an astonishing scale. There is a good chance that the Diablo6 ransomware becomes a top threat this August, proving that the deadly Locky Trojan is still alive.
Extortion Trojans excel at their scrambling attacks. The encryption they employ is beyond any computing power that exists so far. That is to say, you could in theory compute a decryption key for the data scrambled by ransomware; in practice, even with the most powerful computer available to humanity, the computation would take hundreds of years.
Meanwhile, the distribution tactics for such malware remain remarkably simple. Their only advantage is quantity, which sooner or later converts into quality. In the case of the Diablo6 extension, the infection vector is a spam campaign. The scammers circulate email through their spam databases. The email subject is a seemingly random name of a docx file. Actually, the name is not quite arbitrary; it follows a strict pattern: a date close to or the same as the dispatch date of the email, preceded by a random letter and followed by random numbers in parentheses. For instance, E 2017-08-09 (698).docx is a popular subject line for email that drops the Diablo6 ransomware. The email carries the infecting attachment under the same name as the subject line. The message body is typically as simple as this: “Files attached. Thanks”.
The attachment is a zip file whose name matches the subject line (apart from the extension). Unpacking it yields a VBS script. When the script executes, it connects to a URL embedded in it and downloads the installer for the Diablo6 Locky ransomware into the Temp directory.
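The lure described above has several fixed traits (the subject pattern, the date near the send date, the zip attachment reusing the subject name, the VBS inside it, the terse body) that a mail filter or triage script can score. The following is an added example written for this article, not code from the original page or from any vendor; the scoring thresholds, the ±3-day skew, the acceptance of any single letter, and the three sample messages are all constructed assumptions.

```python
import re
from datetime import date

# Subject pattern from the article: one letter, a space, an ISO date, a space,
# a number in parentheses and a .docx extension, e.g. "E 2017-08-09 (698).docx".
# Allowing any letter and 1-4 digits is an assumption made for this example.
SUBJECT_RE = re.compile(
    r"^(?P<letter>[A-Za-z]) (?P<date>\d{4}-\d{2}-\d{2}) \((?P<num>\d{1,4})\)\.docx$"
)
# Terse body template quoted in the article, matched loosely on punctuation.
BODY_RE = re.compile(r"^files attached[.,]?\s*thanks[.!]?$", re.IGNORECASE)


def parse_lure_subject(subject):
    """Return (lure_date, stem) when the subject matches the lure pattern, else None."""
    subject = subject.strip()
    m = SUBJECT_RE.match(subject)
    if not m:
        return None
    try:
        lure_date = date.fromisoformat(m.group("date"))
    except ValueError:  # e.g. "2017-13-45" is not a real date
        return None
    return lure_date, subject[: -len(".docx")]


def score_message(subject, attachments, body, sent_on, max_day_skew=3):
    """Count how many of the article's lure indicators a message exhibits.

    attachments: list of (filename, member_names); member_names are the entries
    of the attachment if it is an archive, otherwise an empty list.
    Returns (score, reasons); score 0 means the subject did not match at all.
    """
    reasons = []
    parsed = parse_lure_subject(subject)
    if parsed is None:
        return 0, reasons
    lure_date, stem = parsed
    reasons.append("subject matches '<letter> YYYY-MM-DD (nnn).docx' lure pattern")
    if abs((lure_date - sent_on).days) <= max_day_skew:
        reasons.append("subject date is within %d day(s) of the send date" % max_day_skew)
    for name, members in attachments:
        if name.lower() == (stem + ".zip").lower():
            reasons.append("zip attachment reuses the subject name: %s" % name)
            if any(m.lower().endswith(".vbs") for m in members):
                reasons.append("archive contains a VBS script")
    if BODY_RE.match(body.strip()):
        reasons.append("body is the terse 'Files attached. Thanks' template")
    return len(reasons), reasons


# Constructed sample messages (not real captures): one full lure, one benign
# message, and one that only shares the subject shape.
SAMPLES = [
    {
        "subject": "E 2017-08-09 (698).docx",
        "attachments": [("E 2017-08-09 (698).zip", ["E 2017-08-09 (698).vbs"])],
        "body": "Files attached. Thanks",
        "sent_on": date(2017, 8, 9),
    },
    {
        "subject": "Q3 forecast",
        "attachments": [("forecast.xlsx", [])],
        "body": "Hi all, the updated forecast is attached for review.",
        "sent_on": date(2017, 8, 9),
    },
    {
        "subject": "A 2017-01-01 (12).docx",
        "attachments": [("report.pdf", [])],
        "body": "Please see the attached report.",
        "sent_on": date(2017, 8, 9),
    },
]


def triage(samples=SAMPLES):
    """Score every sample; returns a list of (subject, score, reasons)."""
    results = []
    for s in samples:
        score, reasons = score_message(s["subject"], s["attachments"], s["body"], s["sent_on"])
        results.append((s["subject"], score, reasons))
    return results


if __name__ == "__main__":
    for subject, score, reasons in triage():
        print("%d  %s" % (score, subject))
        for r in reasons:
            print("     - " + r)
```

A score of 1 only says the subject has the lure shape, which a legitimate sender could produce by accident; the combination of a same-day date, a zip that mirrors the subject and a VBS inside it is what separates this campaign from ordinary mail.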
An installed copy of the Trojan enumerates all drives and other media reachable from the host device. The encryption covers most of the files found; a few exemptions keep the system running so that the victims can read the ransom note right away from the compromised device. The ransom note is saved as diablo6-[XXXXXX].htm, where XXXXXX is a string of random characters.
Apart from encrypting the data itself, the Locky ransomware also turns file names into gibberish. File names and contents are encrypted with a combination of the RSA and AES ciphers.
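After the fact, the two on-disk traces the article names, files carrying the .diablo6 extension and ransom notes named diablo6-[XXXXXX].htm, are enough to map which directories were reached. The sweep below is an added example written for this article, not code from the original page or from any security product; it assumes the six random characters are alphanumeric and builds a constructed sample directory tree (the gibberish file names in it are made up) so it runs offline.

```python
import re
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".diablo6"
# Ransom note name from the article, diablo6-[XXXXXX].htm; treating the six
# random characters as alphanumeric is an assumption of this example.
NOTE_RE = re.compile(r"^diablo6-[A-Za-z0-9]{6}\.htm$", re.IGNORECASE)


def sweep(root):
    """Walk root and report encrypted files, ransom notes and affected directories.

    Paths are returned relative to root and sorted, so the result is stable
    enough to diff between runs or to hand to a backup/restore job.
    """
    root = Path(root)
    encrypted, notes = [], []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if p.suffix.lower() == ENCRYPTED_SUFFIX:
            encrypted.append(p)
        elif NOTE_RE.match(p.name):
            notes.append(p)
    affected = {str(p.parent.relative_to(root)) for p in encrypted + notes}
    return {
        "encrypted": sorted(str(p.relative_to(root)) for p in encrypted),
        "notes": sorted(str(p.relative_to(root)) for p in notes),
        "affected_dirs": sorted(affected),
    }


def build_sample_tree():
    """Create a constructed sample tree in a temp dir and return its path.

    Two folders each hold one renamed/encrypted file, one ransom note and one
    untouched file, mimicking the layout the article describes.
    """
    root = Path(tempfile.mkdtemp(prefix="diablo6_demo_"))
    docs = root / "Documents"
    pics = root / "Pictures"
    docs.mkdir()
    pics.mkdir()
    # Constructed gibberish names; the real renaming scheme is not part of this example.
    (docs / "A1B2C3D4E5F60718-9A0B1C2D3E4F5061.diablo6").write_bytes(b"\x00" * 16)
    (docs / "diablo6-K3J9QZ.htm").write_text("<html>constructed sample note</html>")
    (docs / "budget.xlsx").write_bytes(b"PK")
    (pics / "0011223344556677-8899AABBCCDDEEFF.diablo6").write_bytes(b"\x00" * 16)
    (pics / "diablo6-Ab12Cd.htm").write_text("<html>constructed sample note</html>")
    (pics / "holiday.jpg").write_bytes(b"\xff\xd8")
    return root


if __name__ == "__main__":
    report = sweep(build_sample_tree())
    for key, items in report.items():
        print(key + ":")
        for item in items:
            print("  " + item)
```

The affected-directory list is the useful output for recovery: it tells you which folders to restore from backup or shadow copies, and the note count gives a quick sanity check that the sweep covered every location the malware wrote to.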
Once the encryption payload completes, the Diablo6 Trojan deletes its executable. The victims are expected to contact the scammers and pay a ransom of USD 1.5k to 2k in Bitcoin. Instead, if your files have been hit by this encrypting malware, proceed with the workarounds below to recover the affected data.
Automatic removal of Diablo6 File Virus
The benefits of using the automatic security suite to get rid of this infection are obvious: it scans the entire system and detects all potential fragments of the virus, so you are a few mouse clicks away from a complete fix.
- Download and install the recommended malware security suite.
- Select the Start Computer Scan feature and wait until the utility comes up with the scan report. Proceed by clicking the Fix Threats button, which triggers a thorough removal process to address all the malware issues compromising your computer and your privacy.
Restore files locked by Diablo6 File Virus
The new Locky variant, aka Diablo6 File Virus, represents a category of malicious software whose impact reaches beyond the operating system and its components, which is why removing the virus itself is only part of the fix. As mentioned, it encrypts one’s personal information, so the next phase of the overall remediation is reinstating the files that would otherwise remain inaccessible.
Launch data recovery software
Like the rest of its fellow infections, Diablo6 File Virus most likely follows an operational pattern in which it erases the original versions of the victim’s files and encrypts copies of them. This peculiarity might make your day, because forensics-focused applications like Data Recovery Pro are capable of restoring information that has been deleted. As the virus evolves further, its modus operandi may change; in the meantime, go ahead and try this.
Take advantage of Volume Shadow Copy Service
This technique relies on the native backup functionality shipped with the Windows operating system. Also referred to as Volume Snapshot Service (VSS), this feature makes regular backups of the user’s files and keeps their most recent versions as long as System Restore is on. Diablo6 File Virus ransomware hasn’t been found to affect these copies, so the restoration method in question is strongly recommended. The two sub-sections below describe the automatic and the manual workflow.
- a) Use Shadow Explorer
Shadow Explorer is an applet that provides an easy way of retrieving previous versions of files and folders. Its pros include an intuitive interface in which the computer’s entire file hierarchy is displayed within one window. Just pick the hard disk volume, select the file or directory to be restored, right-click it and choose Export. Follow the app’s prompts to get the job done.
- b) Use file properties
Essentially, the above-mentioned Shadow Explorer tool automates a process that can otherwise be performed manually through the Properties dialog of individual files. This approach is more cumbersome but just as effective as its software-based counterpart: right-click a specific file that has been encrypted by Diablo6 File Virus and select Properties in the context menu. Next, click the tab named Previous Versions; it lists the available versions of the file by the date of snapshot creation. Pick the latest copy and complete the retrieval by following the prompts.
Data backups work wonders
Ransomware like Diablo6 File Virus isn’t nearly as almighty and destructive if you run regular file backups to the cloud or to external media. The virus itself can be completely removed in a matter of minutes, and the scrambled information can then be just as easily recovered from the backup. Luckily, backing up is a growing trend, so ransom Trojans will hopefully become less subversive in the near future.
Verify thoroughness of the removal
Having carried out the instructions above, add a finishing touch to the security procedure by running an additional computer scan to check for residual malware activity.