New Diavol Virus: Accesses Your Email And Steals Your Money

The Indian Government has warned netizens that a new virus, Diavol, is spreading through email. It is a new strain of ransomware that arrives by email and steals users’ data.

Ransomware is a type of malware that locks the PC or the user’s personal files and extorts money from the victim, payable in Bitcoin. If users refuse to pay, the attackers damage the personal files or render the PC completely unusable.

The government issued the alert through the Indian Computer Emergency Response Team (CERT-In): ransomware named ‘Diavol’ is targeting Windows users. Once the payload is delivered, it locks the PC remotely and demands money from the user.

“It is encrypting files using user-mode Asynchronous Procedure Calls (APCs) with an asymmetric encryption algorithm,” shares CERT-In.

According to CERT-In, Diavol reaches the PC via an email containing a link to OneDrive. When the user clicks the link, a ZIP archive is downloaded that contains an ISO file.

Inside the ISO is an LNK (shortcut) file that poses as a document to lure the user. Once the user clicks on it, the infection begins.
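The delivery chain described above (a ZIP download, an ISO mounted from it, and a lure launched from the mounted volume) leaves a sequence that endpoint telemetry can correlate. The Python below is an added example written for this article, not CERT-In’s or the malware’s code; the event schema, field names, file names, hosts and the ten-minute window are all constructed assumptions.

```python
"""Flag the ZIP -> ISO -> launch-from-ISO chain from the CERT-In alert.
Telemetry is constructed for this example; field names are assumptions, not a real EDR schema."""
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 600  # constructed threshold: the whole chain must complete within 10 minutes

SAMPLE_EVENTS = [
    # victim: ZIP download, ISO mount, then a process launched from the mounted volume
    {"ts": "2021-08-20T09:00:05", "host": "WS01", "user": "asha", "kind": "file_download",
     "path": r"C:\Users\asha\Downloads\Invoice_2021.zip"},
    {"ts": "2021-08-20T09:00:41", "host": "WS01", "user": "asha", "kind": "iso_mount",
     "iso_path": r"C:\Users\asha\Downloads\Invoice_2021\Invoice_2021.iso", "drive": "E:"},
    {"ts": "2021-08-20T09:00:58", "host": "WS01", "user": "asha", "kind": "process_create",
     "image": r"E:\Invoice_2021.exe", "parent": r"C:\Windows\explorer.exe"},
    # benign: an installer ISO mounted with no preceding ZIP download
    {"ts": "2021-08-20T09:10:00", "host": "WS02", "user": "admin", "kind": "iso_mount",
     "iso_path": r"D:\images\install.iso", "drive": "F:"},
    {"ts": "2021-08-20T09:10:20", "host": "WS02", "user": "admin", "kind": "process_create",
     "image": r"F:\setup.exe", "parent": r"C:\Windows\explorer.exe"},
]


def detect_zip_iso_chain(events, window_seconds=WINDOW_SECONDS):
    """One alert per process started from an ISO that was mounted shortly after a ZIP download."""
    alerts = []
    by_actor = defaultdict(list)
    for ev in events:
        by_actor[(ev["host"], ev["user"])].append(ev)
    for (host, user), evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])          # ISO-8601 strings sort chronologically
        zip_times = []                           # when this user downloaded .zip files
        mounts = {}                              # drive letter -> (mount time, preceding zip time)
        for ev in evs:
            t = datetime.fromisoformat(ev["ts"])
            if ev["kind"] == "file_download" and ev["path"].lower().endswith(".zip"):
                zip_times.append(t)
            elif ev["kind"] == "iso_mount":
                recent = [z for z in zip_times if 0 <= (t - z).total_seconds() <= window_seconds]
                if recent:                       # only mounts that follow a recent ZIP download matter
                    mounts[ev["drive"].upper()] = (t, max(recent))
            elif ev["kind"] == "process_create" and ev["image"][:2].upper() in mounts:
                mount_t, zip_t = mounts[ev["image"][:2].upper()]
                if (t - zip_t).total_seconds() <= window_seconds:
                    alerts.append({"host": host, "user": user, "zip_ts": zip_t.isoformat(),
                                   "mount_ts": mount_t.isoformat(), "process": ev["image"],
                                   "parent": ev.get("parent", "")})
    return alerts
```

On the constructed sample, only the WS01 sequence is flagged; the installer ISO on WS02 is not, because no ZIP download precedes it.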

Diavol is reported to be compiled with the Microsoft Visual C/C++ compiler.

“Diavol also lacks any obfuscation as it doesn’t use packing or anti-disassembly tricks, but it still manages to make analysis harder by storing its main routines within bitmap images. When executing on a compromised machine, the ransomware extracts the code from the images’ PE resource section and loads it within a buffer with execution permissions,” CERT-In said.

The advisory also recommends restricting the permissions users have to install and run software applications, and applying the principle of “least privilege” to all systems and services, which may prevent malware from running or limit its ability to spread through a network. It further advises configuring firewalls to block access to known malicious IP addresses. “We advise users to disable their RDP if not in use, and if necessary to place it behind the firewall. While using the RDP, users should bind with appropriate policies,” the document continued.