
Remove Diablo6 ransomware / virus (Removal Guide) - Decryption Methods Included

Removal guide by Gabriel E. Hall | Type: Ransomware

Diablo6 virus rolls out another malspam campaign


Diablo6 virus operates as the latest version of the notorious Locky ransomware[1]. It encodes data on the victim’s computer using a combination of RSA-2048 and AES-128 ciphers and attaches the .diablo6 file extension to every file. Once the procedure is finished, the data becomes unreadable. Finally, the malware creates a ransom note called diablo6.htm and replaces the desktop background with a diablo6.bmp image. Note that this malicious crypto-ransomware is not related to the Diablo game in any way, even though the authors seem to be its fans.

The virtual threat arrives in the form of a .ZIP email attachment that contains a VBS downloader. It then connects to one of the malicious domains, then downloads and executes the Locky Diablo6 ransomware.

During the encryption, Locky virus renames each file by swapping its original name with a set of characters. The new file name is created using the following pattern: [first 8 characters of the victim's ID]-[next 4 characters of the ID]-[next 4 characters of the ID]-[4 random characters]-[12 random characters].diablo6.
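To scope the damage after an infection, the naming pattern and ransom note names described above can be matched against a file listing. The following is an added example, not part of the original guide; it assumes each character in the pattern is a letter or digit, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Pattern from the article: 8-4-4-4-12 characters, then ".diablo6".
# Assumption: each character is a letter or a digit.
ENCRYPTED_RE = re.compile(
    r"([0-9A-Za-z]{8})-([0-9A-Za-z]{4})-([0-9A-Za-z]{4})"
    r"-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}\.diablo6"
)
# Ransom note artifacts named in the article.
NOTE_NAMES = {"diablo6.htm", "diablo6.bmp"}


def classify(path):
    """Return ("encrypted", id_prefix), ("note", None) or ("other", None)."""
    name = PureWindowsPath(path).name
    match = ENCRYPTED_RE.fullmatch(name)
    if match:
        # The first three groups are the first 16 characters of the victim ID.
        return "encrypted", "".join(match.groups()).upper()
    if name.lower() in NOTE_NAMES:
        return "note", None
    return "other", None


def scope_damage(paths):
    """Summarise a listing: affected folders, ID prefixes, note locations."""
    folders, ids, notes = Counter(), set(), []
    for path in paths:
        kind, id_prefix = classify(path)
        if kind == "encrypted":
            folders[str(PureWindowsPath(path).parent)] += 1
            ids.add(id_prefix)
        elif kind == "note":
            notes.append(path)
    return {"folders": dict(folders), "id_prefixes": sorted(ids), "notes": notes}


# Constructed listing (not real indicators), e.g. the output of `dir /s /b`.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-0718-9A0B-1C2D3E4F5A6B.diablo6",
    r"C:\Users\alice\Documents\A1B2C3D4-E5F6-0718-77AA-0F1E2D3C4B5A.diablo6",
    r"C:\Users\alice\Pictures\A1B2C3D4-E5F6-0718-1234-ABCDEFABCDEF.diablo6",
    r"C:\Users\alice\Desktop\diablo6.htm",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Documents\notes.diablo6",  # wrong shape, not counted
]
```

The per-folder counts show which locations need restoring from backup; more than one ID prefix in the result suggests more than one infection wrote to the same storage.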


Once data encryption is complete, the virus immediately launches the ransom note using victim’s default browser. The ransom note starts with a straightforward explanation of what happened:

All of your files are encrypted with RSA-2048 and AES-128 ciphers.

The virus urges the victim to install Tor browser and visit a provided .onion website to access Locky Decryptor page. The price of Diablo6 decryption tool is 0.5 Bitcoin, which is approximately 1642 US dollars.

At the moment, there are no ways to decrypt files encrypted by this dangerous virus. Speaking of its sophistication, it is very similar to Cerber. Despite that, it doesn’t mean that you have to pay the ransom. Paying the ransom doesn’t guarantee efficient data recovery, either. The possibility of getting scammed is high, besides, obeying extortionists’ demands simply motivates them to create even more malware[2].

If your files were corrupted by the latest Locky ransomware variant, remove Diablo6 using Reimage, Intego or Malwarebytes. Your computer must be in Safe Mode with Networking in order to complete the removal successfully.

After completing Diablo6 removal, use your data backup to restore damaged files. Many people do not have data backups, so if you are one of them, it might be impossible to restore your records. Try to think of ways where you could find intact data copies (USBs, CDs, email or elsewhere) and transfer them to your computer after deleting the virus. You can find alternative data recovery options below the article.

Locky Diablo6 virus: Diablo6 is the new version of Locky ransomware that appends the .diablo6 extension to encrypted files. The virus demands a ransom of 0.5 Bitcoin.

The ransomware now switches to .docm files 

The Locky Diablo6 variant is distributed via malspam campaign that delivers emails with subject lines similar to E [date] (random numbers).docx. The malware-laden email contains an attachment that is named E [date] (random numbers).zip. The message body lacks any explanation and contains three words only:

Files attached. Thanks

The ZIP file contains a VBS script that uses the victim’s Internet connection to download malware from a compromised domain. The script may include several domains to connect to in case one of them does not respond. The script is designed to download Diablo6 ransomware to the %TEMP% folder and launch it immediately. Note that the dates of the report might be earlier. It only implies that Locky authors have been diligently working on the new campaign.

The current analysis reveals that the threat now returns to its old habit of fishing for users via .docm files. Like its predecessor variation, which attempted to persuade unsuspecting users to open the infected .doc file and enable macros, Diablo6 functions the same way. However, in this case it employs a .docm file as bait.

This time, there is no message content except the subject line; the infected .docm is disguised within IMG_[4 digits].pdf.[3] If you enable the macros of the file, you will face the severe consequences of the malware.
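The delivery traits described in this section (a near-empty body, a ZIP attachment holding a VBS script, or a .docm attachment) can be checked before a message reaches a user. The following is an added example, not part of the original guide; the function names, the extra script extensions and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# .vbs is the extension the article names; the others are assumed relatives.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
MACRO_EXTS = (".docm",)


def triage(msg):
    """Return the reasons a message matches the campaign traits above."""
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if len(text.split()) <= 3:
        reasons.append("body has three words or fewer")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(MACRO_EXTS):
            reasons.append(f"macro-enabled document attached: {name}")
        # Look inside archives without extracting anything to disk.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    if member.lower().endswith(SCRIPT_EXTS + MACRO_EXTS):
                        reasons.append(f"archive {name} contains {member}")
    return reasons


def build_sample():
    """Constructed message shaped like the description; the script is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("E 2017-01-01 (123).vbs", "' placeholder, no code")
    msg = EmailMessage()
    msg["Subject"] = "E 2017-01-01 (123).docx"
    msg.set_content("Files attached. Thanks")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="E 2017-01-01 (123).zip")
    return msg


if __name__ == "__main__":
    for reason in triage(build_sample()):
        print(reason)
```

A short body alone is a weak signal, so treat it as supporting evidence next to the attachment findings rather than a verdict on its own.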

The perpetrators keep polishing their malware distribution campaigns, which now look more sophisticated. However elaborate such emails may look, do not give in to curiosity and do not open any attachments received from unknown senders.

On the other hand, if your friend gets infected with a computer worm, he or she might send the corrupted link unwillingly. In that case, contact them directly. If you scan the file, note that malware authors apply various “cloaking” techniques to prevent the anti-virus from detecting the infection.

To protect yourself from Locky Diablo, follow the provided tips:

  • Never open email attachments that were sent to you by someone you don’t know. If the message looks vague or shady, never click on links or files attached to it;
  • Secure your computer system with anti-malware software. Keep it running at all times;
  • Dedicate some time to create a data backup. It is the only efficient tool that helps to restore crippled files after a ransomware attack;
  • Enable automatic software updates to always have the latest and most secure software versions on your PC.

According to experts, the first wave of ransomware hit Germany and US. If you are a German-speaking PC user, consider visiting for help[4].

Eliminate Locky Diablo6 virus 

Your computer will be secure only if you remove Diablo6 virus professionally. Let us remind you that you are dealing with one of the most destructive ransomware-type programs, which might be perceived as inferior to another ransomware, Cerber.

It continuously changes its attack vectors and its own structure, so it is better to assign Diablo6 removal to a professional anti-malware program developed by malware analysts. Do not forget that you must update the security program to its latest version in order to eliminate the ransomware fully. After deleting the virus, start testing available data recovery techniques.


To remove Diablo6 virus, follow these steps:

Remove Diablo6 using Safe Mode with Networking

Steps to remove Diablo6 ransomware virus:

  • Reboot your computer in Safe Mode with Networking;
  • Download or update anti-malware software;
  • Run a full system scan to find malicious files and eliminate them all at once.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Diablo6

    Log in to your infected account and start the browser. Download Reimage, Intego or another legitimate anti-spyware program. Update it before a full system scan, then remove the malicious files that belong to the ransomware to complete Diablo6 removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Diablo6 using System Restore

If method 1 didn't help you to remove the ransomware, try the second option.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of Diablo6. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download Reimage or Intego, scan your computer with it and make sure that Diablo6 removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Diablo6 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

At the moment, it is impossible to recover files encrypted by Locky using any third-party tools. The only solution to the problem is a data backup. You can attempt to restore some files using the following data recovery methods.

If your files are encrypted by Diablo6, you can use several methods to restore them:

First method: Run Data Recovery Pro

You can try Data Recovery Pro to restore some .diablo6 file extension files. The tool might fail to restore all of your files – be prepared for it.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Diablo6 ransomware;
  • Restore them.

Second method: Try to recover some files using Previous Versions

This method works only if you created a system restore point in the past. To recover individual files, carry out the given instructions.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Third method: Try ShadowExplorer

ShadowExplorer is a tool that helps to detect available Volume Shadow Copies and use them for data recovery. If the virus failed to delete VSS backup, it will help you to recreate your files.

  • Download Shadow Explorer;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Locky Decryptor

We do not recommend buying Locky Decryptor because it is a tool created by cybercriminals. It can contain spying tools, banking trojans or other forms of malware. Besides, it might fail to restore your files. Although an official decryption tool wasn't created by malware analysts yet, we do not recommend paying the ransom to cybercriminals.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Diablo6 and other ransomware, use a reputable anti-spyware program, such as Reimage, Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.
