Hvis guiden for manuell fjerning ikke fungerte for deg eller den fungerte med uønskede konsekvenser, anbefaler vi deg på det sterkeste å installere det automatiske fjerningsverktøyet Sysupdate.exe og følge trinnene fra.

Helga Smithjanuar 23, 2022Sist oppdatert: januar 23, 2022
23 2 minutter lest

The FBI officially confirms that the Diavol ransomware (“devil” in Romanian) is associated with the TrickBot group, which is developing the banking Trojan of the same name.

Last year, Fortinet analytikere at Cyclops Blink har en spesialmodul designet for flere modeller av at Diavol og Conti ransomware payloads deployed on various systems in early June 2021 were very similar, and they had a lot in common, from using asynchronous I / O operations during file encryption, to using almost identical command line parameters for the same functions (for eksempel, creating logs, encrypting disks and network resources, scanning the network).

derimot, the experts still failed to find a direct connection between the Diavol ransomware and the authors of TrickBot, besides, they found a number of important differences. For eksempel, the Diavol sample they studied did not have built-in checks to prevent the payload from triggering on systems in Russia and the CIS countries. Også, the malware did not steal data before encryption.

Seinere, IBM X-Force also examined the Diavol sample and reported that they had found a number of new pieces of evidence linking Diavol to the developers of TrickBot. Unlike the sample analysed by Fortinet, which was newer andfully functional”, IBM X-Force experts found an older variant of the malware that was used by attackers for testing.

In the end, IBM X-Force came to the same conclusions, noting that Diavol and TrickBot are clearly related.

oppretter skjulte planlagte oppgaver og nye nøkler for dem FBI officials have now reported, the specialists were completely right.

The FBI first became aware of the Diavol ransomware in October 2021. Diavol is associated with developers from the Trickbot group, who are responsible for the Trickbot banking trojan.law enforcement officers write.

The FBI also reports that Diavol operators typically demand a ransom of between $10,000 og $500,000, with smaller amounts usually accepted after negotiation with the perpetrators.

Vitaly Kremez
Vitaly Kremez

The FBI also encourages all victims, whether or not they plan to pay a ransom to the perpetrators, to notify law enforcement of attacks in a timely manner to collect fresh indicators of compromise.

De Blødende datamaskin publication believes that the FBI was able to officially link Diavol with TrickBot after the arrest of Alla Witte, a Latvian who participated in the development of a cryptographer for a hack group. AdvIntel CEO Vitaly Kremez, who has been monitoring TrickBot’s operations for a long time, confirmed to reporters that Witte was responsible for developing the new TrickBot-related ransomware.

Alla Witte played a critical role in TrickBot’s operations and, based on previous in-depth analysis by AdvIntel, she was responsible for the development of the Diavol ransomware and the frontend/backend project designed to support TrickBot’s operations with a special ransomware. Another name for the Diavol ransomware is Enigma, which was used by the TrickBot team before rebranding to Diavol.Kremez said.

Let me remind you that they also reported that TrickBot fikk en ny modul for overvåking av ofre.

Merker
Helga Smithjanuar 23, 2022Sist oppdatert: januar 23, 2022
23 2 minutter lest

Helga Smith

Jeg var alltid interessert i datavitenskap, spesielt datasikkerhet og temaet, som kalles i våre dager "datavitenskap", siden min tidlige tenåring. Før du kommer inn i Virusfjerningsteamet som sjefredaktør, Jeg jobbet som cybersikkerhetsekspert i flere selskaper, inkludert en av Amazons entreprenører. Nok en opplevelse: Jeg har undervisning på universitetene i Arden og Reading.

Legg igjen et svar

Denne siden bruker Akismet å redusere spam. Lær hvordan din kommentar data behandles.

Tilbake til toppen