<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="font-size: 14.67px;">Hello,</span><br>
</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black"><span style="margin:0px;background-color:white"></span>
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:14.67px;background-color:white">I hope everyone is doing well!</div>
<div style="margin:0px;font-size:14.67px;background-color:white"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white">Below is the entry for today.</div>
<div style="margin:0px;font-size:14.67px;background-color:white"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white">07/06/2021 - Diary entry #299:<br>
<br>
</div>
<blockquote style="font-size:14.67px;background-color:white;margin-top:0px;margin-bottom:0px">
First discovered this month, Diavol seems to be a new ransomware strain deployed by Trickbot, covered in our Daily Diaries #71. Diavol was found being deployed on the same network as Conti Ransomware, on different systems in the same attack. Diavol also uses
 the RSA encryption algorithm, making it hard to recover the files without the original private key. Diavol's command-line arguments are very similar to Conti's, allowing an attacker to encrypt both local drives and network shares.
<div><br>
</div>
<div>After the machine is encrypted, a ransom note is dropped with a .onion link for Diavol Unlocker. The ransom message also claims that data was downloaded in the attack and will be posted online if the ransom is not paid, following the double-extortion
 model employed by REvil and other ransomware gangs.</div>
<div><br>
</div>
It is not yet clear whether Diavol Ransomware is developed by the Russian APT group Wizard Spider. This group also develops Trickbot, BazaLoader, Ryuk Ransomware, and Conti Ransomware. Diavol might be the result of a partnership in which the attackers use
 Wizard Spider's malware to carry out their attacks.
<div style="margin:0px"><br>
</div>
</blockquote>
<span style="margin:0px;font-size:14.67px;background-color:white">Kind Regards,<br>
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<div id="Signature">
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<table style="font-family:'Times New Roman'; font-size:medium; text-align:start">
<tbody>
<tr>
<td width="180" align="left" style="width:180px">
<p> </p>
</td>
<td width="350" colspan="2" rowspan="2" style="width:350px">
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
<strong>Felipe Duarte Domingues</strong><br>
Security Researcher<br>
<strong>Appgate</strong></p>
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
E:<span> </span><font color="#228ebe"><a href="mailto:felipe.duarte@appgate.com" title="mailto:felipe.duarte@appgate.com">felipe.duarte@appgate.com</a></font><br>
O: <span style="background-color:rgb(255,255,255); display:inline!important">+55 19 98840 2509</span></p>
</td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
</div>
</div>
</body>
</html>