
Locky Diablo6 Ransomware

The authors of the ‘.locky File Extension’ Ransomware have just launched another massive spam e-mail campaign, which appears to target users spread across multiple continents and carries the payload of the latest Locky Ransomware variant: the Locky Diablo6 Ransomware. This variant uses the ‘.diablo6’ extension to mark the encrypted files and, unfortunately, it is also impossible to decrypt them without the help of its operators.

The target audience of the Locky Diablo6 Ransomware appears to be very diverse, since the fraudulent e-mails were received by both regular users and businesses. The e-mail message may concern a pending invoice or package delivery information, and it usually urges the victim to download a macro-laced document whose execution may deploy the Locky Diablo6 Ransomware’s payload to the victim’s hard drive.

When the Locky Diablo6 Ransomware is launched successfully and there is no anti-virus protection in place to stop it, it will quickly scan the local hard drives and encrypt files that use certain file extensions, such as JPG, GIF, BMP, PNG, DOC, DOCX, XLS, XLSX, PPT, ZIP, RAR, SQL, PDF, etc. Unlike other crypto-threats, the Locky Diablo6 Ransomware will not just tamper with the original file extension; it will also change the file’s entire name using the following naming pattern: [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].Diablo6.

Just like some of Locky’s previous variants, such as the ‘.odin File Extension’ Ransomware, the Locky Diablo6 Ransomware also wipes the Shadow Volume Copies and disables the System Restore service to limit the user’s file recovery options. If everything goes according to the ransomware’s plan, the threat will proceed to deploy three ransom messages, found in the files Diablo6.html, Diablo6_[4_digit_number].html, and Diablo6.bmp. It appears that the ransom sum is fixed at 0.15 BTC, and the victims can use a TOR-based payment page to complete the payment, as well as to receive further instructions.
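The renamed-file pattern and the three ransom note names described above can be used to scope an infection from a file listing. The following Python sketch is an added example, not code from the original post; it assumes that the "random characters" are ASCII letters or digits, and the sample paths are constructed.

```python
import os
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the "random characters" are ASCII letters or digits.
C = "[0-9A-Za-z]"
# Renamed files: 8-4-4-8-12 characters followed by the .diablo6 extension.
ENCRYPTED_RE = re.compile(
    rf"{C}{{8}}-{C}{{4}}-{C}{{4}}-{C}{{8}}-{C}{{12}}\.diablo6", re.IGNORECASE)
# Ransom notes: Diablo6.html, Diablo6_[4_digit_number].html, Diablo6.bmp.
NOTE_RE = re.compile(r"diablo6(?:_\d{4}\.html|\.html|\.bmp)", re.IGNORECASE)

def classify(path):
    """Return 'encrypted', 'ransom_note' or None for a single file path."""
    name = PureWindowsPath(path).name  # accepts both \ and / separators
    if ENCRYPTED_RE.fullmatch(name):
        return "encrypted"
    if NOTE_RE.fullmatch(name):
        return "ransom_note"
    return None

def triage(paths):
    """Count indicators per parent directory to show which folders were hit."""
    report = {}
    for p in paths:
        kind = classify(p)
        if kind:
            parent = str(PureWindowsPath(p).parent)
            report.setdefault(parent, Counter())[kind] += 1
    return report

def list_files(root):
    """Yield every file path below root (read-only walk of a mounted volume)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-A7B8-C9D0E1F2-A3B4C5D6E7F8.diablo6",
    r"C:\Users\alice\Documents\diablo6.html",
    r"C:\Users\alice\Documents\diablo6_4821.html",
    r"C:\Users\alice\Desktop\diablo6.bmp",
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\Documents\notes-about-diablo6.txt",
]

if __name__ == "__main__":
    for folder, counts in triage(SAMPLE).items():
        print(folder, dict(counts))
```

To check a real volume, pass `list_files(root)` to `triage` instead of `SAMPLE`; the walk only reads directory entries and never opens the files.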

Unfortunately, the Locky Ransomware has turned out to be one of the most well-crafted file lockers, and it would be impossible for victims to recover their data unless the operators opt to release the decryption keys for free. While the lack of free file recovery alternatives is certainly a reason to worry, we assure you that paying the 0.15 BTC that the Locky Diablo6 Ransomware’s authors demand is not a reliable way to solve the problem. They promise to provide their victims with a Locky Decryptor as soon as the payment is complete, but there have been many cases where victims of ransomware paid the fee only to end up empty-handed.

When dealing with un-decryptable files, you should remember that you can’t trust the people who locked up your files! Paying them would be a mistake because you might get nothing in return, and it is almost certain that your money would be used to fund future threats. The best thing you can do for now is to use an anti-malware scanner to remove the Locky Diablo6 Ransomware.
This post first appeared on SpywareRemove.
