Diavol ransomware's data theft was previously believed to be a bluff, but security analysts have now confirmed with proof that Diavol is in fact stealing data.
The Campaign-
SpearTip published a report detailing the ransomware's role in stealing data.
- The attackers used Cobalt Strike's HTTP beacon to enable data exfiltration.
- The attack is difficult to detect because the beacon is named sysr[.]dll. The attacker creates a folder and stores them in this folder.
- Injecting the malware into the memory of the compromised application also makes detection challenging.
The question of whether the ransomware stole data arose because the attackers did not use this capability in the executable itself. They instead enabled exfiltration of the data using tactics from the invasive environments.
Conclusion-
This new malware is highly evasive. Security professionals will need new and more advanced techniques and tools to defend against such attacks.