The US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021. Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. While ransom demands have ranged from $10,000 to $500,000, Diavol actors have been willing to engage victims in ransom negotiations and accept lower payments. Authorities have not yet observed Diavol leaking victim data, despite ransom notes that includes threats to leak the stolen information. Aside from the government report, a few online cyber related articles link Diavol to similarities with a group called Wizard Spider and some similarities with a different group called Twisted Spider. These are groups behind Conti and Egregor, respectively.
Link to full report: TR-22-020-001_5G_Diavol.pdf
Comments