Last July, we wrote about the emergence of a new ransomware, known as Diavol. Fortunately, security researchers were able to develop a decryption tool to help victims of the ransomware restore their files.
Diavol Ransomware Decryption Tool Now Available
Diavol was uncovered at the beginning of June 2021, when Fortinet prevented a ransomware attack targeting one of its customers. After successfully halting the attack, the researchers isolated two files that, at that time, weren’t present on VirusTotal: locker.exe and locker64.dll.
“While we were able to identify locker64.dll to be a Conti (v3) ransomware, locker.exe appeared to be entirely different. So, let’s say hello to a new ransomware family,” Fortinet researchers Dor Neemani and Asaf Rubinfeld wrote in their detailed analysis. They said that the ransomware could be attributed to a specific cybercriminal group known as Wizard Spider.
The name of the ransomware comes from a URL associated with the attack the researchers analyzed. Diavol means “devil”.
Now, Emsisoft researchers, known for developing decryption keys for various ransomware families, have successfully created a free decryption tool to help Diavol victims.
“Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files,” Emsisoft said in the dedicated decryption guide.