Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang
2021-08-23 21:43

Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate.

In early July, Fortinet published details of an unsuccessful ransomware attack involving a Diavol payload that targeted one of its customers, noting that the payload's source code overlaps with that of Conti and that its ransom note reuses some language from the Egregor ransomware note.

"As part of a rather unique encryption procedure, Diavol operates using user-mode Asynchronous Procedure Calls without a symmetric encryption algorithm," Fortinet researchers previously said.

What's more, on initial execution the ransomware collects system information and uses it to generate a unique identifier that is nearly identical to the Bot ID generated by the TrickBot malware, differing only in the addition of a Windows username field.

"Collaboration between cybercrime groups, affiliate programs and code reuse are all parts of a growing ransomware economy," the researchers said.

"The Diavol code is relatively new in the cybercrime area, and less infamous than Ryuk or Conti, but it likely shares ties to the same operators and blackhat coders behind the scenes."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/4qjnNWD-N1A/researchers-find-new-evidence-linking.html