SentinelOne Vs. Diavol Ransomware – Mitigation and Rollback

⚔️ Watch how SentinelOne mitigates and rolls back Diavol ransomware. Diavol is a relatively new ransomware family, first seen in the wild around June-July 2021. The malware is ‘Trickbot-adjacent’ and believed to come from the cybercrime organization responsible for the development and maintenance of Trickbot (often referred to as Wizard Spider).

Upon execution, Diavol (like Trickbot) will check in to the controlling C2 server. A set of unique IDs (Group/Bot) is then created, establishing the necessary relationships to the rest of the infected ecosystem. Diavol is capable of process termination, customized encryption targeting, and dynamic configuration changes/updates. In addition, attackers can pre-package/pre-configure specific paths or extension lists for encryption on victim systems.
