Diavol Ransomware
In its latest announcement, the FBI ties the Diavol ransomware operation to the TrickBot Group, the developers of the infamous TrickBot banking trojan. TrickBot is a malware infection that lingers on corporate networks for years, and it has led to Conti and Ryuk ransomware attacks, network intrusions, and even financial fraud and corporate espionage. The TrickBot Gang, also known as Wizard Spider, is behind not only the TrickBot banking trojan but also the development of the BazarBackdoor and Anchor backdoors.
In July 2021, researchers from FortiGuard Labs published an analysis of a new ransomware called Diavol ("devil" in Romanian) that was seen targeting corporate victims. The researchers had observed a ransomware attack in early June 2021 in which both Diavol and Conti ransomware payloads were launched on the same network.
A comparison of the two ransomware samples showed similarities, such as the use of asynchronous I/O operations in the file-encryption queue and almost identical command-line parameters for analogous functionality. Still, there was not enough evidence to officially tie the two operations together.
However, a month later, IBM X-Force researchers established a strong connection between Diavol ransomware and other malware from the TrickBot Gang, such as Anchor and TrickBot.
The Federal Bureau of Investigation has now said that it connected the dots between the ransomware operation named Diavol and the TrickBot gang. According to its new FBI Flash advisory, the FBI first received intelligence about Diavol ransomware in October 2021. Diavol is associated with the software developers of the Trickbot Group, which is infamous for spreading the Trickbot banking trojan, the FBI says.
Since then, the FBI has seen ransom demands that range between $10,000 and $500,000, with lower payments accepted after ransom negotiation. These sums are in sharp contrast to the huge ransom demands that other ransomware operations connected to TrickBot have historically made, including those run by Conti and Ryuk, which have previously demanded millions of dollars in ransom. For example, in April the Conti ransomware operation demanded $40 million from Florida's Broward County School District and $14 million from chip maker Advantech. The FBI was able to formally link Diavol to the TrickBot gang after the case of Alla Witte, a Latvian woman who was developing ransomware for the malware gang.
According to AdvIntel CEO Vitali Kremez, who is tracking TrickBot operations, Witte was behind the development of the new TrickBot-linked ransomware, BleepingComputer has reported. Witte was also working on the Diavol ransomware and a frontend/backend project meant to help TrickBot operations with ransomware tailored to a specific context, using bot back-connectivity between TrickBot and Diavol. Alla Witte has been playing an important role in the TrickBot operations, according to AdvIntel's insights, Kremez told BleepingComputer in a conversation. Another name for the Diavol ransomware was "Enigma" ransomware, which the TrickBot gang used before the Diavol rebrand, he says.
Significantly, the Diavol ransomware initially generated ransom notes named ‘README_FOR_DECRYPT.txt’, according to the FBI advisory.
In November, however, BleepingComputer observed the ransomware using ransom notes named ‘Warning.txt’. The FBI is also asking all victims, including those who wish to pay a ransom, to report attacks to law enforcement so that new IOCs can be collected and used for investigations and law enforcement operations.
If you have fallen victim to a Diavol attack, it is also advisable to report it to the FBI before you make any payment.