Scribd
Upload
92 views

Emsisoft Howto Diavol

This document provides instructions for using the Emsisoft Decryptor to decrypt files encrypted by the Diavol ransomware. It outlines 10 steps: 1) Download the decryptor; 2) Run as administrator and accept license terms; 3) Select an encrypted and unencrypted file pair; 4) The decryptor will display encryption details; 5) Click OK to open the decryptor interface; 6) Add locations to decrypt; 7) Select decryption options; 8) Click decrypt to start decrypting files; 9) The decryptor will display when decryption is finished; 10) Options include keeping encrypted files or partially decrypting large files.

Uploaded by

Biruk Yifru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
92 views

Emsisoft Howto Diavol

This document provides instructions for using the Emsisoft Decryptor to decrypt files encrypted by the Diavol ransomware. It outlines 10 steps: 1) Download the decryptor; 2) Run as administrator and accept license terms; 3) Select an encrypted and unencrypted file pair; 4) The decryptor will display encryption details; 5) Click OK to open the decryptor interface; 6) Add locations to decrypt; 7) Select decryption options; 8) Click decrypt to start decrypting files; 9) The decryptor will display when decryption is finished; 10) Options include keeping encrypted files or partially decrypting large files.

Uploaded by

Biruk Yifru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

How to use the Emsisoft Decryptor

for Diavol
IMPORTANT! Be sure to quarantine the malware from your system first, or it may repeatedly lock
your system or encrypt files. If your current antivirus solution fails to detect the malware, it can
be quarantined using the free trial version of Emsisoft Anti-Malware. If your system was
compromised through the Windows Remote Desktop feature, we also recommend changing all
passwords of all users that are allowed to login remotely and check the local user accounts for
additional accounts the attacker might have added.

The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted
version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data.
This file must be roughly 20KB or larger in size. Please do not change the file names of the original and
encrypted files, as the decryptor may perform file name comparisons to determine the correct file
extension used for encrypted files on your system.

How to decrypt your files


1. Download the decryptor from the same site that provided this “How To” document.

2. Run the decryptor as an administrator. The license terms will show up next, which you have to
agree to by clicking the “Yes” button:

EMSISOFT www.emsisoft.com Page 1 / 4


3. After accepting the terms, select your file pair using the “Browse” buttons. Then, click the “Start”
button.

4. The decryptor will display the reconstructed encryption details once the recovery process has
finished. The display is purely informational to confirm that the required encryption details have
been found:

EMSISOFT www.emsisoft.com Page 2 / 4


5. Once a key is found, click “OK” to open the primary decryptor user interface:

6. By default, the decryptor will pre-populate the locations to decrypt with the currently connected
drives and network drives. Additional locations can be added using the “Add” button.

7. Decryptors typically offer various options depending on the particular malware family. The
available options are located in the Options tab and can be enabled or disabled there. You can
find a detailed list of the available Options below.

8. After you have added all the locations you want to decrypt to the list, click the “Decrypt” button
to start the decryption process. The screen will switch to a status view, informing you about the
current process and decryption status of your files:

EMSISOFT www.emsisoft.com Page 3 / 4


9. The decryptor will inform you once the decryption process is finished. If you require the report
for your personal records, you can save it by clicking the “Save log” button. You can also copy it
straight to your clipboard to paste it into emails or forum posts if you are asked to.

Available decryptor options


The decryptor currently implements the following options:

 Keep encrypted files


Since the ransomware does not save any information about the unencrypted files, the decryptor
can’t guarantee that the decrypted data is identical to the one that was previously encrypted.
Therefore, the decryptor by default will opt on the side of caution and not remove any
encrypted files after they have been decrypted. If you want the decryptor to remove any
encrypted files after they have been processed, you can disable this option. Doing so may be
necessary if your disk space is limited.
 Allow partial decryption of large files
Due to technical limitations, this decryptor may not be able to decrypt files larger than the file
pair you provided. If you enable this option, only the first part of the file will be decrypted, and
the rest may remain encrypted. For some file formats, this may still allow some recovery, but
others will remain damaged by the malware.

EMSISOFT www.emsisoft.com Page 4 / 4

You might also like