
Diavol - A New Ransomware Used By Wizard Spider?


Jasper_The_Rasper
Moderator

By Dor Neeamni and Asaf Rubinfeld | July 01, 2021

 

FortiGuard Labs Threat Research Report

Affected Platforms: Windows
Impact: Data encryption, Data destruction
Threat Severity: Critical

 

Diavol Introduction 

At the beginning of June, FortiEDR prevented a ransomware attack that had targeted one of our customers. After successfully stopping the attack, we were able to isolate two suspicious files that, at the time, were not found on VirusTotal: locker.exe and locker64.dll. In the timeline of the attack, locker.exe was deployed a day before locker64.dll.

While we were able to identify locker64.dll to be a Conti (v3) ransomware, locker.exe appeared to be entirely different. So, let’s say hello to a new ransomware family.

In this blog, we’ll dive into the inner workings of Diavol and its possible attribution to the criminal group known as Wizard Spider.

 

Full Article.
