News Alert: Malware traffic through Spam is pushing Diablo6 variant of Locky @J2CS:

A new Locky spam campaign is actively propagating a new Locky variant that appends the .diablo6 extension to your files.

Background:

Since the first quarter of last year, Locky has been plaguing every conceivable industry and is considered one of the major menaces of 2016. Its effective global spam delivery mechanism, combined with the constant release of variants with new evasion techniques, helped a lot with its success in the tightly packed ransomware competition.

There were so many releases that there even came a point when they created some confusion regarding naming the new variants.

Its massive distribution marathon eventually slowed down earlier this year, and we have not seen it in any major malware activity analysis ever since.

Indicators:

This campaign is being distributed through spam emails that contain subject lines:

E [date] (random_number).docx

The message body simply states "Files attached. Thanks".

When Locky has finished encrypting the computer, it will remove the downloaded executable and then display a ransom note that provides information on how to pay the ransom.  The names of these ransom notes have changed for this version to diablo6-[random].htm.
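
A triage sketch for the two on-disk indicators above (the .diablo6 extension and the diablo6-[random].htm ransom note), added here as an example and not part of the original alert. The alert does not say what [random] looks like, so letters and digits are assumed, and the sample directory tree is constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".diablo6"  # extension named in the alert
# Ransom note name from the alert: diablo6-[random].htm. The format of
# [random] is not given there; letters and digits are an assumption.
NOTE_RE = re.compile(r"^diablo6-[A-Za-z0-9]+\.htm$", re.IGNORECASE)

def scan_tree(root):
    """Walk root and return (encrypted_files, ransom_notes) as sorted path lists."""
    encrypted, notes = [], []
    # Unreadable directories are skipped so the scan finishes on locked shares.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if NOTE_RE.match(name):
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
    return sorted(encrypted), sorted(notes)

def summarize(encrypted, notes):
    """Count encrypted files per directory to show which folders were touched."""
    per_dir = Counter(os.path.dirname(p) for p in encrypted)
    return {"encrypted": len(encrypted), "notes": len(notes), "dirs": dict(per_dir)}

def build_sample(root):
    """Create a constructed sample tree (empty files, not real case data)."""
    for rel in ("docs/report.docx", "docs/A1B2C3D4.diablo6", "docs/E5F6.DIABLO6",
                "docs/diablo6-x9k2.htm", "pics/cat.jpg", "pics/0011.diablo6",
                "pics/diablo6.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

def demo():
    """Run the scan over the constructed tree and return the summary."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        encrypted, notes = scan_tree(root)
        return summarize(encrypted, notes), [os.path.basename(n) for n in notes]

if __name__ == "__main__":
    print(demo())
```

Pointing `scan_tree` at a file share or user profile gives a per-directory count of affected files, which helps scope what has to be restored from backup.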

Is it possible to decrypt the Locky Ransomware Diablo6 Variant?

  • Unfortunately, at this time it is still not possible to decrypt .diablo6 files encrypted by the Locky Ransomware for free.
  • The only way to recover encrypted files is via a backup, or if you are incredibly lucky, through Shadow Volume Copies.

Can I protect myself against this and similar threats?

Contact us at J2 as we are always here to help. Let us be vigilant and keep you safe!

#locky #.diablo6 #ransomware #Spam #vb