A new family of ransomware called Diavol has been discovered and could be linked to a criminal group known as Wizard Spider, according to PSIRT research and a report published in the Security Research Journal.
MALWARE FAMILIES:
Conti, Diavol
ATT&CK IDS:
T1059 – Command and Scripting Interpreter, T1106 – Native API, T1070 – Indicator Removal on Host, T1057 – Process Discovery, T1040 – Network Sniffing, T1083 – File and Directory Discovery, T1027 – Obfuscated Files or Information, T1071 – Application Layer Protocol, T1082 – System Information Discovery, T1135 – Network Share Discovery, T1485 – Data Destruction, T1486 – Data Encrypted for Impact, T1489 – Service Stop, T1490 – Inhibit System Recovery, T1559 – Inter-Process Communication, T1562 – Impair Defenses