Decrypting Files Encrypted by Diavol Ransomware: Mission Possible

Last July, we wrote about the emergence of a new ransomware, known as Diavol. Fortunately, security researchers were able to develop a decryption tool to help victims of the ransomware restore their files.

Diavol Ransomware Decryption Tool Now Available

Diavol was uncovered at the beginning of June 2021, when Fortinet prevented a ransomware attack targeting one of its customers. After successfully halting the attack, the researchers isolated two files that, at that time, weren’t present on VirusTotal: locker.exe and locker64.dll.

“While we were able to identify locker64.dll to be a Conti (v3) ransomware, locker.exe appeared to be entirely different. So, let’s say hello to a new ransomware family,” Fortinet researchers Dor Neemani and Asaf Rubinfeld wrote in their detailed analysis. They said that the ransomware could be attributed to a specific cybercriminal group known as Wizard Spider.

The name of the ransomware comes from a URL associated with the attack the researchers analyzed. Diavol means “devil”.

Now, Emsisoft researchers, known for developing decryption keys for various ransomware families, have successfully created a free decryption tool to help Diavol victims.

“Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files,” Emsisoft said in the dedicated decryption guide.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
