Quick Heal discovers Sarbloh Ransomware with potentially political motives

Threat actors have constantly shown keen awareness of current events in a country or across the globe, for instance the ongoing farmer protest against the new set of laws, also known as the Farm Bills, in the Indian context. As part of its continuous monitoring and analysis of the evolving threat environment, Quick Heal Security Labs, the threat research and response division of global cybersecurity firm Quick Heal Technologies, has discovered a new ransomware called Sarbloh, which is being distributed through malicious Word documents containing a political message supporting the farmer community.

Surprisingly, the threat actors using this new attack technique encrypt the files on infected devices without asking for a ransom, which is usually the key objective of any ransomware. According to the researchers, a group called Khalsa Cyber Fauj is behind the attack. The group uses military-grade encryption on system files to render them useless, conveying a message that no data will be recovered until the demands of the farmers are met. Quick Heal’s users are protected from this new form of attack with the help of its unique and patented signatureless detection technology.

Himanshu Dubey, Director – Quick Heal Security Labs, said, “Threat actors have constantly demonstrated innovation through their evolving attack strategies. The latest Sarbloh ransomware that appears to be working in favor of farmers without any monetary gains is a testimony to their growing attack abilities. At Quick Heal Technologies, we aim to protect our users through our patented signatureless, behavior-based detection technology by combating increasingly sophisticated threats in the cybersecurity ecosystem. Our unique malware detection process leverages code-injection techniques like process hollowing, code-cave attack, etc., to block such attacks. We will continue to analyze the threat environment and deploy safety measures for our users.”

@2023 – Cellit. All Rights Reserved.
