Locky ransomware has proven to be a persistent form of malware continuing to make headlines regularly. We have now seen yet another major distribution campaign for Locky targeting computer users all over the world. It remains to be seen whether this will be a permanent trend or just a brief attack. The latest variant of this notorious malware to be unleashed upon the world is known as Locky Diablo6.

Locky’s Back With Some New Tools

There are more versions of Locky ransomware than Linux distributions these days. It seems things will not be slowing down in the Locky department any time soon. Instead, we now have a new variant making the rounds, known as Diablo6. The malware variant is currently distributed as part of a malspam campaign targeting computer users around the world. No one will be safe from this new version of Locky. It remains to be seen just how successful the new campaign turns out to be.

The ransomware will encrypt files on infected computers and append the .diablo6 file extension. Emails distributing this malware variant have a subject line which mentions a random number and an attached Word document. It seems like a lot of people may fall for this approach in the long run, as the body of the message simply states that files are attached. People expecting an email containing attachments would certainly be likely to opening these files.

Once the victim downloads the email attachments, they will be greeted with a VBS Downloader script. Said script will then attempt to download the Locky Diablo6 payload from one of many file servers. The developers have put in a fair amount of effort to ensure victims successfully download the malware and have their files encrypted. Indeed, that is how most types of ransomware operate.

This latest Locky will automatically remove its executable file once the encryption process is completed. Additionally, it will display a ransom message which explains how users must proceed. They will need to install the Tor browser in order to access a payment page. Considering how most types of ransomware removed this built-in functionality in recent months, it makes the Diablo6 variant quite intriguing.

Victims of the Locky Diablo6 variant will be required to pay a sum of 0.49 Bitcoin to get their files back. At current prices, that is well over US$1,500 worth of Bitcoin, which is pretty significant. It does not appear that there will be a free decryption tool available anytime soon, which could make Locky Diablo6 one of the more lucrative ransomware types we have seen throughout 2017. Decrypting this ransomware will take security researchers a lot of time.

This new malware variant has the potential to wreak substantial havoc in the coming weeks and months. A dedicated full-blown distribution campaign for Locky Diablo6 would cause many problems for computer users the world over.