"Researchers Find New Ransomware Variant 'Diavol'"
Researchers at Fortinet have discovered a new ransomware variant called Diavol, which has been observed targeting organizations since June 2021. Although Diavol is a new ransomware threat, it is believed to have a connection with the Russia-based cybercriminal group Wizard Spider. According to the researchers, Diavol leverages Asynchronous Procedure Calls (APCs) with a unique encryption procedure. The ransomware leaves a ransom note in every folder it encrypts. Diavol does not apply any tactics for evading detection, but the group behind it uses an anti-analysis method to disguise the ransomware code. The researchers found that Diavol has similarities with Conti and Egregor ransomware. For example, the command lines used by Diavol are similar to those used by Conti ransomware. Conti and Diavol also operate with synchronous I/O operations when encrypting files. However, the attackers behind Diavol may have set up these similarities intentionally to confuse the security experts analyzing it. This article continues to discuss the spread and attack flow of Diavol ransomware, as well as its similarities to Conti and Egregor ransomware.
CISO MAG reports "Researchers Find New Ransomware Variant 'Diavol'"