Beware of Diavol ransomware that steals money thru email

New Delhi: After a new strain of ransomware called Diavol was discovered circulating by email, the Central government has issued a 'virus alert'. Issued by CERT-In (The Indian Computer Emergency Response Team), the alert informs about the ransomware that is designed to infect Windows computers. Once installed, it shuts down the device remotely and demands payment from the operator. Diavol virus has been spreading through email attachments that contain a URL link to OneDrive. The LNK file disguised as a Document prompts the users into clicking it, once it has been opened (mounted) on the user's PC.

The ransomware installation will begin once the user runs the LNK file. Unless the user does not pay the money, the data is usually erased, and the computer may become unusable. For the unfamiliar, ransomware is a sort of special software that blocks the overall system or important documents and then manipulates users into paying a ransom (usually via cryptocurrency).

It is essential that users upgrade their programs and operating systems with the recent versions in order to avoid being infected by this malware. Network segmentation and division into security zones are two further approaches for protecting sensitive data and key services. Physical controls and Virtual Local Area Networks can be used to separate the operational network from business functions. When not in use, users should deactivate their Remote Desk Protocol (RDP) and, if necessary, place it behind a secured network. According to CERT-In, "restrict users' permissions to install and run software applications". These permissions can be restricted to prohibit malware from operating or spreading over a system.

Before locking a PC and blocking recovery by erasing mirror copies, the Diavol virus pre-processes it. It doesn't utilize any compression or anti-disassembly techniques, but by encoding its core algorithms in bitmap pictures, it finds a way to make evaluation more difficult.