You are here

FBI FLASH: Indicators of Compromise Associated with Diavol Ransomware

FBI FLASH: Indicators of Compromise Associated with Diavol Ransomware

Created: Thursday, January 20, 2022 - 14:29
Categories:
Cybersecurity

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with Diavol ransomware. The FLASH indicates that Diavol ransomware threat actors, first observed in October 2021, are associated with the Trickbot Group, who utilize the Trickbot Banking Trojan. According to the FBI, “Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.” Ransomware demands have ranged in price from $10,000 to $500,000. The FLASH includes further technical details regarding this activity and lists recommended mitigations. It also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or [email protected].

Attached Files: 
PDF icon CU-000161-MW-TLP-White