The cybercrime group behind the Trickbot botnet, Wizard Spider, has been linked to a new ransomware strain dubbed Diavol, according to FortiGuard Labs security analysts. In early June 2021, Diavol and Conti ransomware payloads were delivered on several systems in a ransomware attack prevented by the company’s EDR technology.
Wizard Spider is a financially motivated criminal group based in Russia that manages the Trickbot botnet, which is used to distribute second-stage malware to infected devices and networks. Because it spreads over corporate networks, Trickbot is especially hazardous to companies. If it gains administrative access to a domain controller, it will also steal the Active Directory database, allowing the organization to harvest even more network credentials.