Healthcare
Education
IT & Telecom
Government
CISO/CTO
DevSecOps
Product
Our Product
We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.
Solutions
By Industry
BFSI
Healthcare
Education
IT & Telecom
Government
By Role
CISO
Application Security Engineer
DevsecOps Engineer
IT Manager
Resources
Resource Library
Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.
Subscribe to Our Weekly Threat Digest
Company
Contact Us
Have queries, feedback or prospects? Get in touch and we shall be with you shortly.
Trickbot
Diavol
ransomware
Trickbot Gang linked to new Ransomware Diavol
Trickbot network expands its domain by introducing another ransomware, "Diavol," which uses Asynchronous procedure calls as its Payload method
06-Jul-2021
3 min read
Cybercriminals behind the notorious Trickbot malware has recently been associated with "Diavol" - a new variant of ransomware that has surged research in that domain.
The new strain was first identified by the security researchers of FortiGuard Labs when the company's FortiEDR product obstructed it on one of its customer's systems. Two ransomware payloads were deployed on different systems resulting in an unsuccessful attack in early Jun 2021.
One of these payloads appeared to be a [Conti ransomware](https://en.wikipedia.org/wiki/Conti_(ransomware), while the other was entirely unknown. Researchers have dubbed this unknown payload as Diavol.
According to researchers, as a segment of a unique encryption strategy, Diavol functions using user-made Asynchronous Procedure calls (**APCs that don't have symmetric encryption procedures.
Diavol was deployed concurrently with the Conti ransomware, and this helped the researchers to discover some correlation between them. They found out that Diavol uses many similar command line parameters used by Conti.
Some researchers have discovered a link between Diavol and Egregor ransomware as some lines in the ransom note were reused and a potential connection between Wizard Spider and Twisted Spyder. 'Although it is not reliable and no conclusions can be made,' they said.
'The source of intrusion is still unknown,' Fortinet said. The payload used by the operators points to the fact that Diavol is still new, and even its operators are not entirely familiar with it.
Trickbot is a banking trojan initially identified in 2016 infamous for theft of bank details and financial credentials; the operators have recently expanded its capabilities to affect multiple domains. In recent years the operators of Trickbot started attacking corporate networks by switching between the Ryuk and Conti Ransomware.
Despite the strict restrictions and actions to counter-attack the bot network, the continuously evolving malware (Trickbot) has persisted by quickly adapting new strategies to conduct further attacks.
Related Articles
Solutions
Secure Blink automates the web application and API security for developers and security teams, helping them to rapidly identify and mitigate vulnerabilities more effectively than they can today.
Find Us Online
contact@secureblink.com
