Government officials in India have issued a “Virus Alert” through the Indian Computer Emergency Response Team (CERT-In) after a new type of ransomware was identified propagating through emails. The ransomware targets Windows computers. Once it infects a machine, it locks the PC remotely and demands money from the user.
For those who aren’t aware, ransomware is a kind of malware that can be extremely sophisticated, encrypting the system completely or deleting important files. It then demands that users pay a ransom (via Bitcoin). If the user fails to pay the ransom, the files are typically deleted, or the computer could be rendered inoperable.
In its most recent advisory, CERT-In warned of the ransomware known as Diavol. According to the advisory, the ransomware is developed using the Microsoft Visual C/C++ compiler. “It is encrypting files using user-mode Asynchronous Procedure Calls (APCs) with an asymmetric encryption algorithm,” the advisory stated.
How does the new Diavol ransomware function?
According to CERT-In, Diavol malware is being spread via emails that include a OneDrive URL. The OneDrive link directs users to download a zip file containing an ISO file, which in turn contains an LNK file and a DLL. When the ISO is opened (mounted) on the user’s system, the LNK file, disguised as a document, tempts the user to open it. When the user opens the LNK file, the malware infection is activated.
What happens after Diavol ransomware infects a PC?
Once Diavol infects a computer, it performs some pre-processing of the victim’s system, which includes registering the device with an external server, terminating running processes, locating local drives and files that need to be encrypted, and preventing recovery by deleting shadow copies. After that, the files are encrypted and the desktop wallpaper is replaced with a ransom note.
“Diavol is also devoid of any form of obfuscation, because it doesn’t make use of packing techniques or anti-disassembly tricks; however, it does manage to complicate analysis by storing its primary routines inside bitmap images.
When it is executed on a compromised device, the ransomware extracts its code from the image’s PE resource section and loads it into an executable buffer,” it added.
How can you stay safe from Diavol ransomware?
To stay protected from this malware, it’s vital that users update their operating systems and software with the most recent patches. Scan all incoming and outgoing emails for threats, and block executable files so they never reach users.
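An added example (my own code, not CERT-In's or the article's) of the email-scanning recommendation above, applied to the delivery chain the advisory describes: a Python triage check that flags a ZIP attachment containing an ISO image whose directory entries name both an LNK and a DLL. It runs on a constructed sample image; the ISO 9660 "CD001" signature offset is real, while the file names and other offsets are assumptions chosen for the example.

```python
import io
import zipfile

# Delivery chain described in the advisory: ZIP -> ISO -> LNK + DLL.
ISO_MAGIC = b"CD001"                   # ISO 9660 volume descriptor identifier at offset 32769
SUSPECT_IDS = (b".LNK;1", b".DLL;1")   # ISO 9660 file identifiers carry a ";1" version suffix
MAX_IMAGE_BYTES = 64 * 1024 * 1024     # refuse to inflate anything larger (decompression bomb)


def iso_contains_lnk_and_dll(iso_bytes: bytes) -> bool:
    """Parser-free heuristic: both an LNK and a DLL identifier appear in the image bytes."""
    upper = iso_bytes.upper()
    return all(ident in upper for ident in SUSPECT_IDS)


def triage_zip_attachment(zip_bytes: bytes) -> list[str]:
    """Return human-readable findings for a ZIP attachment; an empty list means nothing matched."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    with zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".iso", ".img")):
                continue
            findings.append(f"{info.filename}: disk image inside ZIP")
            if info.file_size > MAX_IMAGE_BYTES:
                findings.append(f"{info.filename}: image too large to inspect")
                continue
            data = zf.read(info)
            if len(data) > 32774 and data[32769:32774] == ISO_MAGIC:
                findings.append(f"{info.filename}: ISO 9660 signature present")
            if iso_contains_lnk_and_dll(data):
                findings.append(f"{info.filename}: LNK and DLL identifiers found (Diavol-style chain)")
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample for this example (not real malware): a fake ISO with LNK and DLL names."""
    fake_iso = bytearray(40000)
    fake_iso[32769:32774] = ISO_MAGIC
    fake_iso[35000:35014] = b"DOCUMENT.LNK;1"   # hypothetical names, chosen for the example
    fake_iso[36000:36012] = b"LOADER.DLL;1"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.iso", bytes(fake_iso))
    return buf.getvalue()
```

The heuristic is deliberately cheap so it can sit in a mail-gateway pipeline; a hit should route the attachment to sandboxing rather than be treated as proof of infection.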
Other options include network segregation and segmentation into security zones, which help protect crucial information and essential services. Separate administrative networks from business processes using physical controls as well as Virtual Local Area Networks.
“Restrict users’ permissions for installing and running software programs, and apply the concept of ‘least permission’ to every system and service. Limiting access to these resources can stop malware from running and limit its ability to spread across networks. Install firewalls that restrict access to known malware IP addresses.
It is recommended that users turn off RDP when it is not being used and, if needed, hide it behind a firewall; users should be bound by the correct policies when working with RDP,” said CERT-In.