Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang?
Latest in cybersecurity.
Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report.
The Trickbot botnet was used by threat actors to spread the Ryuk and Conti ransomware families, experts noticed similarities between Diavol and Conti threats. Unlike Conti, Diavol doesn’t avoid infecting Russian victims.
At the beginning of June, FortiEDR detected and halted a ransomware attack against one of the customers of the security firm. The security firm detected two suspicious files, locker.exe and locker64.dll, that at the time were not found on VirusTotal. locker64.dll was detected as a Conti (v3) ransomware sample, while locker.exe appeared to be completely different and dubbed it Diavol.
via Security Affairs https://ift.tt/2ISWpiN
July 2, 2021 at 10:16PM