Indicators of Compromise Associated with Diavol Ransomware

The FBI first learned of Diavol ransomware in October 2021. Diavol is associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. While ransom demands have ranged from $10,000 to $500,000, Diavol actors have been willing to engage victims in ransom negotiations and accept lower payments. The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.

Please click here to read more detail

TLP:WHITE

This website and the articles contained within are provided as a free service to you and for general informational purposes only. Information on this website is not intended to provide legal, accounting, tax or other advice. Please consult your attorney, accountant, or financial or other advisor with regard to your individual situation. We also make no warranty or representation regarding, and do not endorse, any linked websites or the information appearing there.

User Name:
Password	Show Password