2022-01-25

Diavol Ransomware and TrickBot Group

Level: Tactical | Source: IC3.Gov

Industry: N/A | Level: Operational | Source: IC3.Gov

In its latest flash report, the FBI shared that, since tracking Diavol ransomware in October 2021, it has observed an association between the ransomware group and the Trickbot Group. The correlation comes from an overlap in the two groups' tactics: the unique system/bot ID that Diavol generates on victim workstations has a format nearly identical to the one used by Trickbot, and the ransomware gang uses Anchor DNS, a piece of malware associated with Trickbot. The agency has so far shared limited technical details, offering mostly high-level observations of the group. The threat actors have compromised several entities, with ransom demands ranging from $10,000 to $500,000. While the group does utilize double extortion tactics, to date no data leaks have been observed to be associated with Diavol.

  • Anvilogic Scenario: Diavol Ransomware
