Ransomware Research

Diavol Ransomware

Diavol is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on June 1, 2021, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: LockMainDIB.

Quick Facts

Ransomware Family
Diavol
First Seen
June 1, 2021
Known Aliases
LockMainDIB

How Diavol Ransomware Works

Targeted Files

85ec7f5ec91adf7c104c7e116511ac5e7945bcf4a8fdecdcc581e97d8525c5ac - not found on VT services d3563a5c4b785a0e7992eac27d23379bff0afb01ba7bf98bc6ea332b441a028a - CryptoLocker32.exe (x86) ee13d59ae3601c948bd10560188447e6faaeef5336dcd605b52ee558ff2a8588 - CryptoLocker.exe (x64)

File Encryption Patterns

Diavol modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..lock64..PSFUX

Ransom Note and Payment Demands

After encrypting files, Diavol displays ransom notes demanding payment for file recovery:

filereadme.txt

Ransom message:

notes/readme.txt

Note locations:

EveryFolder
fileREADME_FOR_DECRYPT.txt

Ransom message:

notes/README_FOR_DECRYPT.txt

Note locations:

EveryFolder
fileWARNING.TXT

Technical Indicators

Associated Executable Files

The following executable files are associated with Diavol ransomware:

  • CryptoLocker64.dll
  • Locker.dll
  • CryptoLocker32.exe
  • CryptoLocker.exe

Elastio Can Help You

Don't let Diavol ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This Diavol ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Diavol.

Last updated: July 30, 2025

Diavol Ransomware - Detectable by Elastio