Researchers at FortiGuard Labs, Fortinet's threat research unit, have analysed a new ransomware family called Diavol and tentatively linked it to Wizard Spider, one of the largest cybercriminal groups operating today and the crew behind the notorious TrickBot.

Detected in early June, Diavol attempted to deliver its payload to several systems. The attempt was blocked by Fortinet's EDR product protecting the infrastructure that hosted the targeted systems. It is one more reminder, added to an almost endless list, of why security controls capable of stopping these threats are essential.

Diavol is suspected to be in active deployment. The initial access vector remains unknown. What is clear, however, is that the payload's code shares similarities with Conti's, and its ransom note reuses some of the language seen in Egregor's.

Another aspect of the ransomware that stands out is its reliance on an anti-analysis technique: its code is obfuscated by storing it in the form of bitmap images, and each routine is extracted from the image data into a buffer with execute permissions before it runs, which keeps the routines out of view of straightforward static parsing of the binary. Before encrypting files and replacing the desktop wallpaper with a ransom message, Diavol's main functions are to register the victim's device with a remote server, terminate running processes, enumerate local drives and the files on them for encryption, and hamper recovery of the encrypted data.
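To make the bitmap trick concrete, here is an added example in Python; it is not code from the original article or from Fortinet's analysis. It builds a constructed 24-bpp BMP whose pixel area carries an arbitrary byte blob, parses the BMP headers to carve that pixel data back out the way a loader would, and applies a simple Shannon-entropy check that an analyst could run over a binary's bitmap resources to flag images whose pixels look like packed code rather than picture data. The names `build_bmp`, `parse_bmp` and `flag_code_bearing_bitmap`, the entropy threshold and the sample blob are assumptions made for the example.

```python
import math
import struct

# Constructed sample standing in for a routine stored in a bitmap's pixel
# area: 4096 bytes with every byte value equally common (entropy == 8.0).
# It is NOT Diavol code; any opaque blob serves the demonstration.
CONSTRUCTED_CODE_BLOB = bytes(range(256)) * 16

# Heuristic threshold (assumption): real picture data rarely gets this close
# to 8 bits/byte, while packed or encrypted code usually does.
ENTROPY_THRESHOLD = 7.0


def build_bmp(payload: bytes, width: int = 32) -> bytes:
    """Build a minimal 24-bpp BMP whose pixel data is `payload`.

    Rows of a 24-bpp BMP are padded to a multiple of 4 bytes, so the height
    is derived from the payload length and the last row is zero-padded.
    """
    row_bytes = (width * 3 + 3) & ~3
    height = math.ceil(len(payload) / row_bytes)
    pixels = payload.ljust(row_bytes * height, b"\x00")
    # BITMAPINFOHEADER: size, width, height, planes, bpp, compression,
    # image size, x/y pixels per metre, colours used, important colours.
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    offset = 14 + len(info)
    # BITMAPFILEHEADER: magic, file size, two reserved words, pixel offset.
    file_hdr = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    return file_hdr + info + pixels


def parse_bmp(data: bytes) -> dict:
    """Parse both headers and carve the pixel bytes, as a loader would.

    Raises ValueError on the inconsistencies a crafted or truncated image
    can present, so a triage script fails closed instead of reading junk.
    """
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    _magic, _file_size, _r1, _r2, offset = struct.unpack_from("<2sIHHI", data, 0)
    (_hdr_size, width, height, _planes, bpp, compression,
     image_size, *_rest) = struct.unpack_from("<IiiHHIIiiII", data, 14)
    if offset > len(data):
        raise ValueError("pixel data offset points past end of file")
    if image_size == 0:
        # Permitted for uncompressed images; derive it from the geometry.
        image_size = ((abs(width) * bpp + 31) // 32) * 4 * abs(height)
    if offset + image_size > len(data):
        raise ValueError("declared image size runs past end of file")
    return {
        "width": width,
        "height": height,
        "bpp": bpp,
        "compression": compression,
        "pixels": data[offset:offset + image_size],
    }


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte of `buf` (0.0 for empty or constant input)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def flag_code_bearing_bitmap(data: bytes, threshold: float = ENTROPY_THRESHOLD):
    """Return (suspicious, entropy) for one bitmap blob.

    `suspicious` is True when the carved pixel data has entropy above the
    threshold, i.e. it looks like packed code rather than picture data.
    """
    pixels = parse_bmp(data)["pixels"]
    entropy = shannon_entropy(pixels)
    return entropy > threshold, entropy


if __name__ == "__main__":
    for label, blob in (("code-like", CONSTRUCTED_CODE_BLOB),
                        ("flat picture", b"\x00" * 4096)):
        suspicious, entropy = flag_code_bearing_bitmap(build_bmp(blob))
        print(f"{label:>12}: entropy={entropy:.2f} suspicious={suspicious}")
```

In a real triage script the `data` argument would come from each RT_BITMAP entry of the suspect PE's resource section (for instance via the `pefile` library) rather than from a constructed image. The entropy threshold is only a heuristic: compressed or photographic bitmaps can also exceed it, so a flag should prompt manual review of the image bytes, not stand as a verdict on its own.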

Diavol is one more reminder that ransomware is in its golden age and that, although the security industry works tirelessly on countermeasures, there is no absolute security today: only the combination of security controls, regular and reliable backups, and good security awareness training for staff can protect us against malware, whether ransomware or any other family.

See also:
Matanbuchus demonic threat lurking on the Web
Satan – A computer hijacker virus
Egregor is a ransomware that has been very active

