Diavol ransomware is allegedly affiliated with TrickBot threat group


The FBI released an advisory regarding an alleged connection between the ransomware group called Diavol and the TrickBot operators. Researchers first discovered the Diavol ransomware targeting several corporate employees in July last year, and since then, the Diavol threat actors have been operating consistently.

Researchers confirmed the connection between the two cybercriminal entities after the arrest of a woman in Latvia who played a major role in the development of the TrickBot operators. She was also a key figure in the emergence of the Diavol ransomware while supporting the TrickBot operations.


The FBI has monitored the Diavol ransomware and found several details regarding its attack process and its association with the TrickBot threat group.


The US federal law enforcement agency monitored the ransomware three months after its first discovery last year. It stated that the ransomware group demands between $10,000 and $500,000 in its ransom attacks, amounts that could be lowered or increased depending on the ransom negotiations.

However, the ransom demands made by the Diavol ransomware are significantly lower than those of big-time groups such as Ryuk, TrickBot, and Conti, since these groups always ask their targets for millions of dollars in ransom.

Experts believe that the Diavol group demands lower ransoms because it is relatively new to the hacking landscape and its reputation is not as prominent as that of the other groups mentioned earlier.

In July last year, researchers disclosed an analysis and details regarding Diavol targeting corporate entities. The investigation revealed similarities between Diavol and TrickBot in their ransomware samples, such as identical command-line parameters for the same function and the use of asynchronous I/O operations for file encryption queuing.

The recent connection between Diavol and TrickBot reveals how threat groups can work with one another. Organisations are advised to follow proper internet and cybersecurity hygiene to avoid these ransomware campaigns.
