Security News > 2021 > August > Diavol ransomware sample shows stronger connection to TrickBot gang
A new analysis of a Diavol ransomware sample shows a clearer connection with the gang behind the TrickBot botnet and the evolution of the malware.
Previous analysis of Diavol ransomware from Fortinet's FortiGuard Labs revealed a set of similarities with the TrickBot malware as well as differences that prevented high-confidence attribution of the code.
Fortinet's assessment at the beginning of July noted that both Diavol and Conti - a ransomware family strongly connected with TrickBot - used the same command-line parameters for a variety of tasks.
A report from the IBM X-Force threat analysts Charlotte Hammond and Chris Caridi provides clues pointing to a stronger connection between Diavol ransomware and the TrickBot gang.
While Fortinet did not find this language check code in the Diavol ransomware sample they analyzed, IBM says that they found indications in the development version that such code "may have been present or intended to be developed, even if it was not activated in the compiled samples."
IBM X-Force did not find definitive evidence to tie Diavol ransomware to the TrickBot gang but discovered new signs suggesting a connection.