Diavol Ransomware and TrickBot Group
Industry: N/A | Level: Operational | Source: IC3.Gov
In its latest flash report, the FBI shared that, since tracking Diavol ransomware in October 2021, it has observed an association between the ransomware group and the Trickbot Group. The correlation comes from an overlap in the two groups' tactics: the format of the unique system/bot ID that Diavol generates on victim workstations is nearly identical to the one used by Trickbot, and the ransomware gang uses Anchor DNS, malware associated with Trickbot. The agency has currently shared limited technical details, offering high-level observations of the group instead. The threat actors have compromised several entities, with ransom demands ranging from $10,000 to $500,000. While the group does use double extortion tactics, to date no observed data leaks have been associated with Diavol.
- Anvilogic Scenario: Diavol Ransomware