Government Warning: New Diavol Virus Spreads Via Email To Rob Your Money
CERT-In, in its latest notice, warned about the ransomware called Diavol. This malware spreads via email, which includes a link to OneDrive.
The Government of India has issued a "Virus Alert" through the Indian Computer Emergency Response Team (CERT-In) after a new kind of ransomware was found spreading via email. The ransomware targets Windows computers; once the payload runs, it encrypts the machine's files and demands a payment. For those unaware, ransomware is malware that locks a system or its important files by encrypting them and then extorts the user into paying (typically in Bitcoin) for the decryption key. If the ransom is not paid, the files stay inaccessible and the PC may be left unusable.
CERT-In, in its latest notice, warned about the ransomware called Diavol. According to the advisory, the ransomware is compiled with the Microsoft Visual C/C++ compiler. "It is encrypting files using user-mode Asynchronous Procedure Calls (APCs) with an asymmetric encryption algorithm," it said.
According to CERT-In, Diavol spreads via email carrying a link to OneDrive. The link leads the user to download a compressed archive containing an ISO image, which in turn holds an LNK shortcut and a DLL. When the user opens the ISO, Windows mounts it as a drive, and the LNK file, disguised as a document, invites the user to click it. Once the user executes the LNK file, the infection starts.
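The delivery chain just described (archive, ISO image, shortcut plus DLL) is something a mail gateway can check for statically. The following Python script is an added example, not code from the article or from the CERT-In advisory: it unpacks a ZIP in memory, recognises an ISO 9660 image by its primary-volume-descriptor signature, and scans the image's raw bytes for an embedded Windows shortcut (the LNK header and link CLSID) and a PE file (the DLL). The file names, the sample archive and the byte layout of the image are constructed for illustration; a production gateway would additionally walk the ISO directory rather than rely on a byte scan.

```python
import io
import struct
import zipfile

# Byte signatures. ISO 9660 keeps a primary volume descriptor at sector 16
# (offset 0x8000) that starts with type 0x01 followed by "CD001".
ISO_PVD_OFFSET = 0x8000
ISO_MAGIC = b"\x01CD001"
# Shell Link (LNK) header: HeaderSize 0x4C followed by the LinkCLSID
# {00021401-0000-0000-C000-000000000046}.
LNK_MAGIC = (b"\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00"
             b"\xc0\x00\x00\x00\x00\x00\x00\x46")
IMAGE_EXT = (".iso", ".img")
ARCHIVE_EXT = (".zip",)
MAX_MEMBER = 64 * 1024 * 1024  # refuse to inflate anything larger (zip-bomb guard)


def is_iso9660(data: bytes) -> bool:
    return data[ISO_PVD_OFFSET:ISO_PVD_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC


def has_pe(data: bytes) -> bool:
    """True if any MZ header's e_lfanew field points at a 'PE\\0\\0' signature."""
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                return True
        pos = data.find(b"MZ", pos + 1)
    return False


def triage_image(data: bytes) -> dict:
    """Indicators for a disk image: ISO signature, embedded LNK, embedded PE."""
    return {"iso9660": is_iso9660(data), "lnk": LNK_MAGIC in data, "pe": has_pe(data)}


def triage_attachment(name: str, data: bytes) -> list:
    """Return findings as 'path: indicator' strings; recurses into ZIP members."""
    findings = []
    lower = name.lower()
    if lower.endswith(IMAGE_EXT):
        findings += [f"{name}: {k}" for k, hit in triage_image(data).items() if hit]
    elif lower.endswith(ARCHIVE_EXT) and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if member.is_dir():
                    continue
                if member.file_size > MAX_MEMBER:
                    findings.append(f"{name}/{member.filename}: oversized member")
                    continue
                inner = triage_attachment(member.filename, zf.read(member))
                findings += [f"{name}/{f}" for f in inner]
    return findings


def verdict(findings: list) -> str:
    indicators = {f.rsplit(": ", 1)[-1] for f in findings}
    if {"lnk", "pe"} <= indicators:
        return "block"      # disk image bundling a shortcut and a PE payload
    return "review" if findings else "allow"


def build_sample_zip() -> bytes:
    """Constructed lure: a 64 KiB ISO 9660 image holding an LNK and a DLL stub."""
    iso = bytearray(0x10000)
    iso[ISO_PVD_OFFSET:ISO_PVD_OFFSET + len(ISO_MAGIC)] = ISO_MAGIC
    iso[0xA000:0xA000 + len(LNK_MAGIC)] = LNK_MAGIC          # the "Document" shortcut
    iso[0xC000:0xC002] = b"MZ"                                 # DOS header of the DLL
    struct.pack_into("<I", iso, 0xC03C, 0x80)                  # e_lfanew -> PE header
    iso[0xC080:0xC084] = b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Document.iso", bytes(iso))
    return buf.getvalue()


if __name__ == "__main__":
    hits = triage_attachment("Document.zip", build_sample_zip())
    print("\n".join(hits), verdict(hits))
```

The byte scan works because ISO 9660 stores file contents contiguously and uncompressed, so the LNK header and the DLL's MZ/PE headers appear verbatim inside the image; a password-protected archive defeats it, which is itself a reason to quarantine such attachments.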
What happens after Diavol ransomware infects a PC?
After Diavol infects a PC, it performs several preparatory steps: it registers the victim's device with a remote server, terminates running processes, enumerates local drives and files to encrypt, and deletes shadow copies (volume snapshots) so that the files cannot be restored. It then encrypts the files and replaces the desktop background with a ransom message.
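The sequence above lends itself to a behavioural detection. The following Python script is an added example, not part of the article or of the CERT-In advisory: it correlates Sysmon-style process-creation events, flags a rundll32/regsvr32 started by Explorer that loads a DLL from a drive letter other than C: (where a freshly mounted ISO appears), and escalates a later shadow-copy deletion (vssadmin or wmic) when that process descends from the flagged loader. The log lines, PIDs, the DLL name, and the assumption that the LNK launches the DLL through rundll32 and that snapshots are removed with vssadmin are all constructed for this example; the advisory itself states only that the LNK starts the infection and that snapshots are deleted.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style process-creation events (one JSON object per line).
# Not real telemetry: paths, PIDs and the DLL name are made up for the example.
SAMPLE_EVENTS = r"""
{"ts": "09:12:01", "pid": 1200, "ppid": 800, "image": "C:\\Windows\\explorer.exe", "cmdline": "C:\\Windows\\explorer.exe"}
{"ts": "09:13:40", "pid": 3100, "ppid": 1200, "image": "C:\\Windows\\System32\\rundll32.exe", "cmdline": "C:\\Windows\\System32\\rundll32.exe E:\\Document.dll,Start"}
{"ts": "09:13:41", "pid": 3110, "ppid": 1200, "image": "C:\\Windows\\System32\\rundll32.exe", "cmdline": "C:\\Windows\\System32\\rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"}
{"ts": "09:13:55", "pid": 3200, "ppid": 3100, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"}
{"ts": "09:13:56", "pid": 3210, "ppid": 3200, "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin delete shadows /all /quiet"}
{"ts": "09:20:00", "pid": 4000, "ppid": 900, "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin list shadows"}
""".strip()

LOADERS = {"rundll32.exe", "regsvr32.exe"}
SHADOW_TOOLS = {"vssadmin.exe", "wmic.exe"}
# A DLL referenced on any drive letter other than the system drive C:,
# which is where a mounted ISO shows up on a typical single-disk PC.
DLL_OFF_SYSTEM_DRIVE = re.compile(r'\b[D-Z]:\\[^\s,"]+\.dll\b', re.IGNORECASE)
SHADOW_DELETE = re.compile(r"delete\s+shadows|shadowcopy\s+delete", re.IGNORECASE)


def parse_events(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def basename(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def ancestors(pid: int, by_pid: dict) -> list:
    """Parent PIDs from nearest to furthest; stops at unknown PIDs or cycles."""
    chain = []
    while pid in by_pid:
        parent = by_pid[pid]["ppid"]
        if parent in chain or parent == pid:
            break
        chain.append(parent)
        pid = parent
    return chain


def analyze(text: str) -> list:
    events = parse_events(text)
    by_pid = {e["pid"]: e for e in events}
    alerts, loader_pids = [], set()

    # Stage 1: a loader spawned by Explorer (the user double-clicked the LNK)
    # that pulls a DLL from a non-system drive letter, i.e. the mounted ISO.
    for e in events:
        parent = by_pid.get(e["ppid"])
        if (basename(e["image"]) in LOADERS
                and DLL_OFF_SYSTEM_DRIVE.search(e["cmdline"])
                and parent is not None
                and basename(parent["image"]) == "explorer.exe"):
            loader_pids.add(e["pid"])
            alerts.append({"pid": e["pid"], "rule": "dll-loaded-from-mounted-image",
                           "severity": "medium"})

    # Stage 2: shadow-copy deletion; escalate when the process descends from a
    # stage-1 loader, tying the recovery-inhibition step back to the lure.
    for e in events:
        if basename(e["image"]) in SHADOW_TOOLS and SHADOW_DELETE.search(e["cmdline"]):
            linked = sorted(loader_pids.intersection(ancestors(e["pid"], by_pid)))
            alerts.append({"pid": e["pid"], "rule": "shadow-copy-deletion",
                           "severity": "high" if linked else "medium",
                           "linked_loader": linked})
    return alerts


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_EVENTS), indent=2))
```

The administrator's `vssadmin list shadows` in the sample and the benign `shell32.dll` rundll32 call are there to show the rules do not fire on ordinary activity; in production, key the parent lookup on process GUIDs rather than bare PIDs, since PIDs are reused.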
"Diavol also lacks any obfuscation as it doesn't use packing or anti-disassembly tricks, but it still manages to make analysis harder by storing its main routines within bitmap images. When run on a compromised machine, the ransomware extracts the code from the PE resource section of the images and loads it into a buffer with execute permissions," he added.
How to stay safe from Diavol ransomware?
To stay safe from this ransomware, users should keep software and operating systems updated with the latest patches. Organisations should also scan all incoming and outgoing email for threats and filter executable files before they reach end users.
Other measures include network segmentation and separation of security zones, which help protect sensitive information and critical services. Separate the administrative network from business processes using physical controls and virtual local area networks (VLANs).
"Restrict users' permissions to install and run software applications, and apply the principle of 'least privilege' to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network. Configure firewalls to block access to known malicious IP addresses. Users are advised to disable RDP if not in use; if required, it should be placed behind the firewall, and users are to be bound by proper policies while using RDP," said CERT-In.
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved.