Trickbot network expands its domain by introducing another ransomware, "Diavol," which uses Asynchronous procedure calls as its Payload method
The cybercriminals behind the notorious Trickbot malware have recently been linked to "Diavol", a new ransomware variant that has drawn considerable research attention.
The new strain was first identified by security researchers at FortiGuard Labs when the company's FortiEDR product blocked it on one of its customers' systems. Two ransomware payloads were deployed on different systems in an unsuccessful attack in early June 2021.
One of these payloads appeared to be [Conti ransomware](https://en.wikipedia.org/wiki/Conti_(ransomware)), while the other was entirely unknown. Researchers have dubbed this unknown payload Diavol.
According to the researchers, as part of a unique encryption strategy, Diavol performs its encryption using user-mode Asynchronous Procedure Calls (APCs) without a symmetric encryption procedure.
Diavol was deployed concurrently with the Conti ransomware, which helped the researchers discover some correlation between the two. They found that Diavol uses many of the same command-line parameters as Conti.
Some researchers have also noted a possible link between Diavol and the Egregor ransomware, since some lines of the ransom note were reused, and a potential connection between Wizard Spider and Twisted Spider. 'Although it is not reliable and no conclusions can be made,' they said.
'The source of intrusion is still unknown,' Fortinet said. The payload used by the operators points to the fact that Diavol is still new, and even its operators are not entirely familiar with it.
Trickbot is a banking trojan first identified in 2016 and infamous for stealing banking details and financial credentials; its operators have since expanded its capabilities into multiple domains. In recent years the Trickbot operators have moved on to attacking corporate networks, deploying either Ryuk or Conti ransomware.
Despite strict restrictions and takedown actions against the botnet, the continuously evolving Trickbot malware has persisted by quickly adopting new strategies to conduct further attacks.