
FBI links the Diavol ransomware to the TrickBot gang

20 January 2022 at 22:45

The FBI officially linked the Diavol ransomware operation to the infamous TrickBot gang, the group that is behind the TrickBot banking trojan.

“The FBI first learned of Diavol ransomware in October 2021. Diavol is associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. While ransom demands have ranged from $10,000 to $500,000, Diavol actors have been willing to engage victims in ransom negotiations and accept lower payments.” reads the flash alert published by the FBI. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.”

TrickBot is a popular banking Trojan that has been around since October 2016; its authors have continuously upgraded it by implementing new features. Operators continue to offer the botnet through a multi-purpose malware-as-a-service (MaaS) model. Threat actors leverage the botnet to distribute a broad range of malware, including info-stealers and ransomware such as Conti and Ryuk. To date, the TrickBot botnet has already infected more than a million computers.

The TrickBot gang is also behind the development of the BazarBackdoor and Anchor backdoors.

In July, researchers from Fortinet first spotted the new ransomware family, tracked as Diavol, and speculated it might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet.

Fortinet experts noticed similarities between Diavol and Conti, but unlike Conti, Diavol doesn’t avoid infecting Russian victims.

In August, IBM X-Force researchers conducted a new analysis of an older variant of the threat which, unlike the one analyzed by Fortinet, appears to be a development version used for testing purposes.

The comparison of the two versions allowed the researchers to gain insight into the development process of Diavol and into future versions of the malware.

The analysis conducted by IBM X-Force researchers reinforced the link between the Diavol ransomware and the TrickBot malware.

Now the FBI’s report provides technical details about the Diavol ransomware and its link to the TrickBot gang.

“The Bot ID generated by Diavol is nearly identical to the format used by TrickBot and the Anchor DNS malware, also attributed to Trickbot.” continues the report.

The FBI’s advisory also contains indicators of compromise along with mitigations for Diavol.

The FBI encourages victims of the gang to report information concerning suspicious or criminal activity to their local FBI field office.

The FBI also urges all victims of the Diavol operation to notify law enforcement of attacks.

Pierluigi Paganini

(SecurityAffairs – hacking, Diavol ransomware)

The post FBI links the Diavol ransomware to the TrickBot gang appeared first on Security Affairs.