· The ransomware is designed to target entities connected with farmer protests in India, with Khalsa Cyber Fauj reported to be leading this attack
· The infection vector is usually in the form of emails, containing a political message supporting the farmer community
Threat actors have constantly shown keen awareness towards the current events in a country or across the globe, for instance, the on-going farmer protest against the new set of laws, also known as the Farm Bills, in the Indian context. In its endeavor to continuously monitor and analyze the evolving threat environment, Quick Heal Security Labs, the threat research and response division of global cybersecurity firm Quick Heal Technologies, has discovered a new ransomware called Sarbloh, which is being distributed through malicious Word documents containing a political message supporting the farmer community.
Surprisingly, threat actors through this new attack technique are infecting user devices by encrypting their files without asking for a ransom, which is usually the key objective of any ransomware. According to the researchers, the attack is hosted by a group called Khalsa Cyber Fauj, which is using military-grade encryption on system files to turn them useless, conveying a message that no data will be recovered until the demands of the farmers are met. Quick Heal’s users are protected from this new form of attack with the help of its unique and patented signatureless detection technology.
Quick Heal advises users to not download any attachment that comes from unknown emails and messages. Also, do not enable macros in the Doc received mainly from emails. They also suggest people to avoid clicking on unverified links and those found in spam email. Besides, practice backing up the data so that it can be recovered in case of compromise, and keep updating antivirus solutions to stay protected.
India, March 10, 2021
.JPG)
