Diavol Case

A new ransomware called Diavol operates using user-mode Asynchronous Procedure Calls (APCs). Diavol is capable of terminating arbitrary processes and prioritizing file types to encrypt based on a preconfigured list of extensions. Executing the ransomware leads to the collection of system information. Diavol is linked to the Russian ransomware group TrickBot.

 

Best,

 

Bingo

 

References:

https://thehackernews.com/2021/08/researchers-find-new-evidence-linking.html

https://www.bleepingcomputer.com/news/security/diavol-ransomware-sample-shows-stronger-connection-to-trickbot-gang/

https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/