Diavol (d057b6e7-1de4-4f2f-b374-7e879caecd67)
Diavol is a ransomware variant first observed in June 2021 that is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. The Diavol Ransomware-as-a Service (RaaS) program is managed by Wizard Spider and it has been observed being deployed by Bazar.[Fortinet Diavol July 2021][FBI Flash Diavol January 2022][DFIR Diavol Ransomware December 2021][Microsoft Ransomware as a Service]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Wizard Spider (0b431229-036f-4157-a1da-ff16dfc095f8) | Tidal Groups | Diavol (d057b6e7-1de4-4f2f-b374-7e879caecd67) | Tidal Software | 1 |