The Indian government has issued a ‘virus alert’ through the Indian Computer Emergency Response Team (CERT-In) after a new type of ransomware spread via email. The ransomware targets Windows computers; once the payload is delivered, it remotely locks the PC and demands money from the user in return.
For the unaware, ransomware is a type of malware that completely locks the system or its essential files and then extorts the user for payment, typically in bitcoin. If the user does not pay the ransom, the files are usually deleted or the PC may be damaged.
CERT-In has warned about ransomware named Diavol in its new advisory. As per the advisory, the ransomware is compiled with the Microsoft Visual C/C++ compiler. “It is encrypting files using user-mode asynchronous procedure calls (APCs) with an asymmetric encryption algorithm,” it said.
How does the new Diavol ransomware work?
According to CERT-In, the Diavol malware is spreading through emails that contain a link to OneDrive. The OneDrive link instructs users to download a ZIP file, which contains an ISO disk image, which in turn contains an LNK file and a DLL.
Once the image is opened (mounted) on the user's system, the LNK file, disguised as a document, entices the user to click on it. The malware starts running as soon as the user opens the LNK file.
What happens after Diavol ransomware is installed on PC?
Once a PC is infected, the malware performs pre-processing on the system: registering the device with a remote server, terminating running processes, searching local drives and files to encrypt, and deleting shadow copies. The files are then locked and the ransom message replaces the desktop wallpaper.
How To Avoid Diavol Ransomware?
To avoid this ransomware, users should keep their software and operating system updated with the latest patches. Scan all incoming and outgoing email to detect threats and filter files before they reach end users.
Apart from this, network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes using physical controls and virtual local area networks (VLANs).
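As an added example (not code from the CERT-In advisory or this article), here is a Python sketch of the kind of email-gateway check the advisory calls for: it inspects a ZIP attachment by content rather than filename, recurses into nested ZIPs, and flags the ISO, LNK and DLL stages of the delivery chain described above. The sample attachment, the `fake_iso` stand-in and the function names are constructed for illustration.

```python
import io
import zipfile

# Content signatures for the stages CERT-In describes: ZIP -> ISO image -> LNK + DLL.
ISO_MAGIC_OFFSET = 0x8001                        # ISO 9660 primary volume descriptor
ISO_MAGIC = b"CD001"
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00"  # ShellLink HeaderSize + CLSID prefix
PE_MAGIC = b"MZ"                                 # DLL/EXE (PE) header
RISKY = {"iso", "lnk", "pe", "dll", "exe"}

def classify(name: str, data: bytes) -> str:
    """Label a member by content first; use the extension only if no magic matches."""
    if data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC:
        return "iso"
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    return name.rsplit(".", 1)[-1].lower() if "." in name else "unknown"

def scan_zip(data: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Walk a ZIP attachment, recursing into nested ZIPs, and list risky members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = zf.read(info)
            kind = classify(info.filename, member)
            if kind == "zip" and depth < max_depth:
                findings.extend(scan_zip(member, depth + 1, max_depth))
            elif kind in RISKY:
                # An ISO is flagged whole: the stdlib has no ISO 9660 reader, so the LNK/DLL
                # pair inside it is left to a gateway that mounts or parses the image.
                findings.append((info.filename, kind))
    return findings

def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()

def fake_iso() -> bytes:
    """Constructed stand-in for the ISO stage: only the 'CD001' descriptor marker is set."""
    blob = bytearray(ISO_MAGIC_OFFSET + len(ISO_MAGIC))
    blob[ISO_MAGIC_OFFSET:] = ISO_MAGIC
    return bytes(blob)
```

A message whose attachment yields any finding is quarantined; an image renamed to `.dat` is still caught because the check reads the descriptor marker, not the extension.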