New Ransomware 'Diavol' Linked to Notorious Cybercrime Gang
Wizard Spider, the notorious cybercrime gang that operated the TrickBot botnet and the Ryuk and Conti ransomware families, may have developed a new ransomware family, Fortinet reports.
Dubbed Diavol, the ransomware shows similarities with Conti, but the observed attacks lack some of the tactics previously associated with Wizard Spider.
The ransomware keeps its main routines in bitmap images that are stored in the PE resource section, with a total of 14 routines identified, including one that instructs Diavol to stop services and processes and another to delete shadow copies.
As part of an observed attack, Diavol was deployed in conjunction with Conti, albeit on different machines.
Despite the attack being attributed to Wizard Spider, Fortinet also noticed some differences between Diavol and Conti, such as the lack of checks to ensure the malware doesn't infect Russian victims and no clear evidence of double extortion.
"Currently, the source of the intrusion is unknown. The parameters used by the attackers, along with the errors in the hardcoded configuration, hint to the fact that Diavol is a new tool in the arsenal of its operators which they are not yet fully accustomed to," Fortinet says.