Diablo6 – a variant of Locky Ransomware Lessupport 11 Aug 2017

Many ransomware families continue to spread because email is ubiquitous and users are not careful about maintaining cyber security. One example is the latest ransomware, Diablo6, a variant of the older Locky ransomware.

The spam mail arrives with a subject of the form E [random date] (random number).docx and a Zip attachment with the same name. The Zip file contains a VBS downloader script containing URLs from which the Locky ransomware executables are downloaded.
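A mail-gateway style check for the delivery pattern described above (a Zip attachment named after the subject that contains a VBS script), added here as an example and not taken from the original post. The function names, the extra script extensions beyond .vbs, and the sample message with its date and number are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: the page names only .vbs; the other script types are added here.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}


def triage(raw: bytes) -> list[str]:
    """Return findings for Zip attachments that carry script files."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # namelist() reads only the central directory; nothing is extracted.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            scripts = [n for n in zf.namelist()
                       if PurePosixPath(n).suffix.lower() in SCRIPT_EXTS]
        if scripts:
            findings.append(f"{name}: script inside Zip: {', '.join(scripts)}")
            # The page notes that the Zip carries the same name as the subject.
            if subject and PurePosixPath(name).stem.lower() == subject:
                findings.append(f"{name}: attachment name matches subject")
    return findings


def build_sample(inner_name: str) -> bytes:
    """Constructed test message: a harmless text entry inside a Zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "' constructed placeholder, not a real script\n")
    msg = EmailMessage()
    msg["Subject"] = "E 2017-08-09 (123).docx"  # constructed sample value
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="E 2017-08-09 (123).docx.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in triage(build_sample("E 2017-08-09 (123).vbs")):
        print(line)
```

A gateway would typically quarantine on the first finding alone; the name match only raises confidence that the message fits this campaign's pattern.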

Once downloaded, this ransomware encrypts all the files on the system using RSA-2048 and AES-128 and renames them to the following format with the diablo6 extension. Additionally, the folder contains a ransom note named in the format diablo6-[random].htm and an image, diablo6.bmp, which is set as the desktop wallpaper. The files are renamed as follows:

[Image: diablo6 encrypted files]

Because a double encryption technique is used in this attack, the decryption key is encrypted along with the data and sent to the hackers in encrypted form. There is therefore no way to decrypt the files other than restoring them from backups of the system. Hence designing your backup strategy wisely is of utmost importance.

Learn more about backup strategies by downloading our ebook.

Through a ransom note (displayed in the picture below), the hackers demand a huge ransom to restore the affected files and return the system to normal. It is always advisable not to give in to the hackers' demands and to look for other ways of getting your systems back in shape, because there is no guarantee that your system will be restored once you pay the ransom. Many times, cyber criminals have simply disappeared with the money.

Thus, it is very important to have a good Data Loss Prevention (DLP) plan in place even before you face any such ransomware crisis. With DLP in place, you can always roll back to the last good data, and your business is back in operation without paying huge ransoms to cyber criminals.
