The Indian government has issued an alert about a harmful virus spreading through email that locks down people's computers and demands a ransom.
For those unfamiliar, such an attack is commonly referred to as 'ransomware'. It is essentially malware that takes control of a computer, locks down all of its files and data, and extorts the victims into transferring a particular amount to the attackers, sometimes within a specific time frame. Failing to pay could result in the deletion of crucial data.
The Indian Computer Emergency Response Team (CERT-In) has reported that a new ransomware, dubbed Diavol Virus, has been affecting several computers across the nation.
How it attacks
According to CERT-In, the ransomware is compiled with the Microsoft Visual C/C++ compiler. It encrypts users' files using user-mode Asynchronous Procedure Calls (APCs) together with an asymmetric encryption algorithm.
The ransomware is distributed by email, with a message containing a OneDrive link that asks the user to download a ZIP file. The ZIP contains an ISO image, which in turn holds an LNK file and a DLL. When the ISO is opened it is mounted on the system, and the LNK file, which looks like a document, tempts the user to open it. Once it is opened the damage is done: the system becomes infected and the malware spreads.
The virus begins with pre-processing on the victim's computer: registering it with a remote server and locating drives and files to encrypt, while also preventing deletion of shadow copies. The files are then locked, and the desktop wallpaper is changed to one demanding a ransom.
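The delivery chain above (ZIP containing an ISO that carries an LNK and a DLL) is something a mail gateway can triage before a user ever mounts the image. The following is an added example, not code from CERT-In or from the article: it unpacks a ZIP attachment, looks for a nested ISO, scans the image's ISO9660 directory records for shortcut and library names, and returns a verdict. The sample ZIP and the minimal ISO-like image it holds are constructed for the demonstration and are not real artifacts.

```python
import io
import re
import zipfile

# Chain described by CERT-In: e-mail -> OneDrive link -> ZIP -> ISO -> LNK + DLL.
CONTAINER_EXT = (".iso",)
ISO_SIGNATURE_OFFSET = 0x8001  # "CD001" follows the type byte of the primary volume descriptor
# ISO9660 directory records store level-1 names as NAME.EXT;1 (uppercase 8.3, with version suffix)
ISO_NAME_RE = re.compile(rb"[A-Z0-9_]{1,30}\.(?:LNK|DLL);1")

def inspect_iso(data: bytes) -> list[str]:
    """Return the LNK/DLL names found in a raw ISO9660 image.
    Crude byte scan of the primary directory tree (Joliet names are UCS-2 and are not
    matched here, but mastering tools write the ISO9660 names alongside them)."""
    if data[ISO_SIGNATURE_OFFSET:ISO_SIGNATURE_OFFSET + 5] != b"CD001":
        return []
    return sorted({m.group(0).decode("ascii") for m in ISO_NAME_RE.finditer(data)})

def triage_zip(zip_bytes: bytes) -> dict:
    """Classify a ZIP attachment by the container/launcher/payload combination it carries."""
    findings = {"nested_containers": [], "lnk": [], "dll": [], "verdict": "clean"}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            if lower.endswith(CONTAINER_EXT):
                findings["nested_containers"].append(info.filename)
                for inner in inspect_iso(zf.read(info)):
                    findings["lnk" if inner.endswith(".LNK;1") else "dll"].append(inner)
            elif lower.endswith(".lnk"):
                findings["lnk"].append(info.filename)
            elif lower.endswith(".dll"):
                findings["dll"].append(info.filename)
    if findings["lnk"] and findings["dll"]:
        findings["verdict"] = "block"       # shortcut plus library: the Diavol delivery pattern
    elif findings["nested_containers"] or findings["lnk"]:
        findings["verdict"] = "quarantine"  # disk image or bare shortcut: hold for review
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample, not a real artifact: a ZIP holding a minimal ISO-like image."""
    image = (b"\x00" * 0x8000 + b"\x01CD001" + b"\x00" * 2042
             + b"INVOICE.LNK;1\x00HELPER.DLL;1\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.iso", image)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_zip(build_sample_zip()))
```

A production gateway would parse the ISO9660 directory tree properly rather than byte-scanning it, but even this heuristic catches the shortcut-plus-DLL pairing inside a disk image that the article describes.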
How to stay safe?
To avoid coming into contact with Diavol Virus, CERT-In recommends that users keep their antivirus software — either Windows Defender or a third-party product — up to date, so that Diavol is stopped before it enters the system.
In addition, do not download files from an unknown sender's cloud drive links or open their attachments, so that the infected file never gets the chance to run.