Security News > 2022 > January > FBI links Diavol ransomware to the TrickBot cybercrime group

FBI links Diavol ransomware to the TrickBot cybercrime group
2022-01-20 18:37

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan.

A month later, IBM X-Force researchers established a stronger connection between Diavol ransomware and other TrickBot Gang's malware, such as Anchor and TrickBot.

Today, the FBI has formally announced that they have linked the Diavol Ransomware operation to the TrickBot Gang in a new advisory sharing indicators of compromise seen in previous attacks.

"The FBI first learned of Diavol ransomware in October 2021. Diavol is associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan," the FBI states in a new FBI Flash advisory.

"Alla Witte played a critical role for the TrickBot operations and based on the previous AdvIntel deep adversarial insight she was responsible for the development of the Diavol ransomware and frontend/backend project meant to support TrickBot operations with the specific tailored ransomware with the bot backconnectivity between TrickBot and Diavol," Kremez told BleepingComputer in a conversation.

"Another name for the Diavol ransomware was called"Enigma" ransomware leveraged by the TrickBot crew before the Diavol re-brand.


News URL

https://www.bleepingcomputer.com/news/security/fbi-links-diavol-ransomware-to-the-trickbot-cybercrime-group/