Trickbot cybercrime group linked to new Diavol ransomware
2021-07-01 20:11

FortiGuard Labs security researchers have linked a new ransomware strain dubbed Diavol to Wizard Spider, the cybercrime group behind the Trickbot botnet.

Diavol and Conti ransomware payloads were deployed on different systems in a ransomware attack blocked by the company's EDR solution in early June 2021.

Despite the similarities, the researchers couldn't find a direct link between Diavol ransomware and the Trickbot gang, and some significant differences make high-confidence attribution impossible.

Additional Diavol ransomware technical details and indicators of compromise can be found at the end of FortiGuard Labs' threat research report.

The Trickbot gang's operations entered a higher gear during the summer of 2018, when they started targeting corporate networks using Ryuk ransomware, and again in 2020 after switching to Conti ransomware.

The developers of Trickbot also started deploying the stealthy BazarLoader backdoor in attacks in April 2020, a tool designed to help them compromise and gain full access to corporate networks before deploying the ransomware payloads.


News URL

https://www.bleepingcomputer.com/news/security/trickbot-cybercrime-group-linked-to-new-diavol-ransomware/