Trickbot banking malware is back in the news for introducing a new ransomware variant into the wild. Researchers from Fortinet’s FortiGuard Labs have found that the new malware strain behaves similarly to Conti ransomware, with the difference that it uses asymmetric encryption algorithms, unlike other file-encrypting malware variants.
Dubbed ‘Diavol’, this new malicious variant targets networks, engages in credential theft and blocks users from accessing files on the targeted database.
In 2016, some Western law enforcement agencies tried their best to neutralize the botnets used by Trickbot. It nevertheless regained momentum last year, as soon as the Russian hacking group named Wizard Spider took over its malware-spreading operations.
FortiGuard claims that the new ransomware can stay hidden by embedding its code in bitmap images. The infection process is also interesting: it connects the victim device to a remotely operated server, terminates all running programs, locks down the hard drive and makes recovery impossible by deleting shadow copies.
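The shadow copy deletion mentioned above is one of the few steps in this chain that leaves a reliable trace on the endpoint, so it is a natural detection point for defenders. The following is an added example, not code from FortiGuard or from the article: it scans a constructed set of process-creation log lines (a made-up key=value format, not real Diavol telemetry) for the standard Windows commands that remove volume shadow copies and returns the matching events. The field names, hosts and users are assumptions for the example.

```python
import re

# Constructed sample of process-creation events, flattened to one line each.
# These lines are made up for this example and are not real telemetry.
SAMPLE_EVENTS = [
    'ts=2021-07-01T10:02:11Z host=WS01 user=alice image=C:\\Windows\\explorer.exe cmd="explorer.exe"',
    'ts=2021-07-01T10:03:40Z host=WS01 user=alice image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin delete shadows /all /quiet"',
    'ts=2021-07-01T10:03:41Z host=WS01 user=alice image=C:\\Windows\\System32\\wbem\\WMIC.exe cmd="wmic shadowcopy delete"',
    'ts=2021-07-01T10:04:02Z host=WS01 user=alice image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin list shadows"',
    'ts=2021-07-01T10:05:00Z host=WS02 user=bob image=C:\\Windows\\System32\\cmd.exe cmd="cmd /c powershell Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"',
]

# Command-line patterns for shadow copy removal. Matching is case-insensitive
# because Windows tools accept any casing. "vssadmin list shadows" is a benign
# administrative query and is deliberately not matched.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I),
]

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields[key] = value.strip('"')
    return fields


def is_shadow_copy_deletion(cmdline):
    """True if the command line matches any shadow copy removal pattern."""
    return any(pattern.search(cmdline) for pattern in SHADOW_DELETE_PATTERNS)


def find_shadow_copy_deletions(events):
    """Return (ts, host, user, cmd) for every event that deletes shadow copies."""
    hits = []
    for line in events:
        event = parse_event(line)
        cmd = event.get("cmd", "")
        if is_shadow_copy_deletion(cmd):
            hits.append((event.get("ts"), event.get("host"), event.get("user"), cmd))
    return hits


if __name__ == "__main__":
    for hit in find_shadow_copy_deletions(SAMPLE_EVENTS):
        print("ALERT shadow copy deletion:", hit)
```

Run on the constructed sample, the three deletion commands on WS01 and WS02 are flagged while the read-only `vssadmin list shadows` call is not. In a real deployment the same patterns would be applied to Sysmon event ID 1 or Windows Security event 4688 command lines, and a hit followed by mass file renames is a strong ransomware indicator.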
Note 1- In September 2020 many healthcare facilities in the United States were hit by RYUK ransomware, and a later detailed probe by the FBI found that the Emotet Trojan started the botnet infection by sending malware-laced phishing emails to victims, which led to the installation of TrickBot and eventually provided access for RYUK.
Note 2- From October 2020, the FBI, in association with a few other law enforcement agencies, launched a crackdown on the operations of the gangs spreading Trickbot malware. As per an analysis by Microsoft, over 94% of Trickbot’s operational infrastructure was eliminated, as many servers in Brazil, Colombia, Kyrgyzstan and Indonesia were seized by Interpol.