Issue: How to Recover Files Encrypted by Diablo6 Ransomware?
I think my computer was infected with a virus! My desktop wallpaper was changed, and I also found a diablo.htm file on the desktop.
All my files (on the desktop as well as in other folders) were corrupted and renamed strangely. They have .diablo6 file extensions now, too. I followed the instructions in the HTM file and accessed a web page that sells “Locky decryptor.” Is this some kind of joke or am I dealing with something serious? I want to recover files now!
Diablo6 is a ransomware virus that belongs to Locky malware family. This virus is currently being pushed via a massive spam campaign that sends emails to potential victims with a ZIP attachment that contains ransomware downloader (VBS file). Once executed, the VBS file downloads Locky Diablo6 to the computer and lets it encrypt all of the victim's data.
The ransomware uses RSA-2048 and AES-128 ciphers with ECB mode to securely lock victim’s files. The virus uses .diablo6 file marker to sign each encrypted file. Earlier Locky’s versions were using .osiris, .zepto, .aesir, .odin, .loptr and other file extensions. As soon as the virus successfully corrupts victim’s files, it drops a ransom note diablo6.htm and sets a BMP version of it as desktop’s background.
The ransomware is used as an extortion tool to force potential victims to pay a ransom in exchange for a decryption software widely known as Locky Decryptor. However, we do not recommend paying the ransom. Instead, we strongly recommend removing the virus. To remove Diablo6 ransomware, we recommend using Reimage software.
If you can’t download it to your system because the virus in your computer prevents you from doing so, please follow these instructions to recover access to your system. Do not forget to reboot your computer into normal mode after removing the virus and perform a system scan again. Only after a successful Diablo6 removal, you can start applying possible data recovery methods.
Recover Files Encrypted by Diablo6 Ransomware
There are several methods you can use to recover your files. They all require patience, so arm yourself with it. We hope that your computer is clean now since you removed the Locky variant from it using a trustworthy anti-malware software.
Method 1. Use a data backup
- If you exported data copies to an external disk some time ago, you could use them to restore the data that Diablo6 encrypted. We recommend you to create another data copy using your backup (use a secure computer to do it).
- Once you are 100% sure that the virus has been removed, plug the data backup device into the computer that was compromised.
- Wait until your computer detects it and open the folder with your data copies.
- Import them to your computer by selecting all of them and drag them to a desirable folder on your PC.
Method 2. Use file recovery software
We recommend you to try Data Recovery Pro for data recovery. The tool has proved to be an efficient software when dealing with corrupted or accidentally deleted files.
- Download Data Recovery Pro.
- Install the software using guidelines provided by its installation wizard.
- Open the software and perform a system scan with it. The program will detect the encrypted data and attempt to recover it.
Method 3. Restore files with the help of Windows Previous Versions
If you need to decrypt only several files individually, try using the following method. We hope that you have created a System Restore point earlier; otherwise, this method won’t work for you.
- Choose a file that you want to decrypt and right-click on it. Go to Properties and Previous Versions tab.
- Look at Folder versions section and select the file version that you want to recover. Click Restore.
Method 4. Try ShadowExplorer software
- Download ShadowExplorer software.
- Install the program using the instructions provided by ShadowExplorer installer. Open the program and click the button in the top left corner to see a drop down menu. Select the disk with encrypted data and then choose a folder that you want to recover.
- Select Export. You might also want to specify where to export the recovered file versions.
Method 5. Locky Decrypter
It is your choice whether to pay the ransom or not. We strongly recommend you not to pay it because it provides no guarantees regarding data recovery.
Recover files and other system components automatically
To recover your files and other system components, you can use free guides by ugetfix.com experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.