Diavol Ransomware Appears to Have Connections with TrickBot

TrickBot is a distant descendant of the ZeuS banking Trojan, which was first identified in 2007, although it is most commonly associated with Dyre (also known as Dyreza), whose operation went down in 2015. TrickBot appeared in 2016, reusing parts of Dyre's code base while preserving its banking-credential harvesting and web-inject architecture. TrickBot has since grown into a malware empire with a plethora of plugin modules, cryptomining and persistence capabilities, and an increasingly close relationship with the ransomware infections that follow its deployments.

Diavol Ransomware

In July 2021, researchers from FortiGuard Labs published an analysis of a new ransomware family known as Diavol (Romanian for "devil"), which was observed targeting corporate victims.

According to the researchers, Diavol and Conti ransomware payloads were discovered on the same network in early June 2021, deployed as part of a single ransomware attack.

Analysis of the two families revealed certain similarities, such as the use of asynchronous I/O operations to queue files for encryption and the use of almost identical command-line options for the same functionality.

Diavol Ransomware's Connection to the TrickBot Gang

The FBI has formally linked the Diavol ransomware operation to the TrickBot gang in a new advisory sharing

