The Indian Government has warned netizens about a new ransomware strain called Diavol that is spreading through e-mail. It enters the system via mail and steals users’ data.
Ransomware is a type of malware that locks the PC or the user’s personal files and extorts payment, typically in Bitcoin. If the user refuses to pay, the attackers damage the personal files or render the PC completely unusable.
The government issued the alert through the Indian Computer Emergency Response Team (CERT-In), as ransomware named ‘Diavol’ is targeting Windows users. Once the payload is delivered, it locks the PC remotely and demands money from the user.
“It is encrypting files using user-mode Asynchronous Procedure Calls (APCs) with an asymmetric encryption algorithm,” shares CERT-In.
The ISO file contains an LNK file that acts as a document lure. Once the user clicks on the file, the malware infection begins.
It is said that the Diavol virus is compiled with the Microsoft Visual C/C++ compiler.
“Diavol also lacks any obfuscation as it doesn’t use packing or anti-disassembly tricks, but it still manages to make analysis harder by storing its main routines within bitmap images. When executing on a compromised machine, the ransomware extracts the code from the images’ PE resource section and loads it within a buffer with execution permissions,” CERT-In said.
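The bitmap trick CERT-In describes above is something a defender can triage for: a ‘bitmap’ resource whose pixel payload has code-like entropy, or whose size does not match its declared geometry, deserves a closer look. The following is an added Python example, not CERT-In’s or any vendor’s tooling; it assumes the caller has already extracted resource blobs from the PE (for instance with pefile), and the 6.5-bit entropy threshold is an assumed tuning value.

```python
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for random, encrypted or densely packed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_bitmap(blob: bytes, threshold: float = 6.5) -> dict:
    """Parse one BMP resource blob and report heuristics that suggest it carries code.

    Returns a dict with 'valid_bmp', 'entropy', 'size_mismatch' and 'suspicious'.
    """
    result = {"valid_bmp": False, "entropy": 0.0, "size_mismatch": False, "suspicious": False}
    if len(blob) < 54 or blob[:2] != b"BM":
        return result  # not a BMP at all; handled elsewhere in triage
    # BITMAPFILEHEADER: magic, file size, two reserved words, pixel data offset
    _, file_size, _, _, pixel_offset = struct.unpack_from("<2sIHHI", blob, 0)
    # BITMAPINFOHEADER: header size, width, height, planes, bpp, compression, image size
    _, width, height, _, bpp, _, _ = struct.unpack_from("<IiiHHII", blob, 14)
    result["valid_bmp"] = True
    pixels = blob[pixel_offset:]
    # An uncompressed BMP's pixel payload is fixed by its geometry: rows padded to 4 bytes.
    expected = ((width * bpp + 31) // 32) * 4 * abs(height)
    result["size_mismatch"] = len(pixels) != expected or file_size != len(blob)
    result["entropy"] = round(shannon_entropy(pixels), 2)
    result["suspicious"] = result["size_mismatch"] or result["entropy"] > threshold
    return result


def build_bmp(pixels: bytes, width: int, height: int) -> bytes:
    """Construct a minimal 24-bpp BMP around a pixel payload (helper for the samples below)."""
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    return file_hdr + info + pixels


# Constructed samples: a solid-colour 4x4 image, and a 1x64 "image" whose pixel
# area is a stand-in for an embedded code blob (every byte value once, entropy 8.0).
BENIGN_BMP = build_bmp(b"\x10\x20\x30" * 16, 4, 4)
PAYLOAD_BMP = build_bmp(bytes(range(256)), 1, 64)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_BMP), ("payload", PAYLOAD_BMP)):
        print(name, inspect_bitmap(blob))
```

Real x86 code tends to sit a little below 8 bits per byte, so the geometry check is the more reliable of the two signals; treat the entropy flag as a prompt for manual review, not a verdict.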
“Restrict users’ permissions to install and run software applications, and apply the principle of ‘least privilege’ to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network. Configure firewalls to block access to known malicious IP addresses. Users are advised to disable their RDP if not in use; if required, it should be placed behind the firewall, and users are to bind with proper policies while using the RDP,” it further added.