Security News > 2022 > March > Free decryptor released for TrickBot gang's Diavol ransomware
Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.
Diavol ransomware victims can download the free tool from Emsisoft's servers to decrypt their data using detailed instructions available in this usage guide [PDF].
Notably, while the Diavol ransomware originally created ransom notes named README FOR DECRYPT.txt, as the FBI pointed out, BleepingComputer has seen a switch in November to ransom notes named Warning.
FortiGuard Labs security researchers first tied this ransomware strain to the TrickBot gang after spotting it deployed on different systems together with Conti ransomware payloads in an attack blocked by the company's EDR solution in early June 2021.
Following their report and likely after the arrest of Alla Witte, who was involved in ransomware development for the malware gang, the FBI also formally linked it to the TrickBot cybercrime gang.
Although active since at least June 2021, Diavol ransomware has never been very active and has only a few dozen submissions on the ID-Ransomware service.