Quick Heal has reportedly found a new ransomware called ‘Sarbloh’, which encrypts files and gives them the .Sarbloh extension. Once the malware has encrypted your files, it shows you a political message supporting the ongoing farm protests. The attack is hosted by ‘Khalsa Cyber Fauj’. According to reports, these attackers are also using ‘military-grade encryption’ to carry out this attack.
Here is the full text of the ransom note:
Using military-grade EnCryPtiOn all the files on your system have been made useless. India, Sikhs have long been the face against the oppression placed upon them. Each time we have resisted. Today you come for the very throats of Hindu, Sikh, and Muslim farmers by trying to take their livelihood. You will not succeed in your sinister ways. The two-sided sword of the Khalsa is at any moments notice. Tyaar bar tyaar. Wherever our blood is spilled, the tree of Sikhi uproots from there. If your intentions for the farmers are pure and you wish to help them, this is not the way. Halemi Raj, Sikh Raj, was not this way. If the laws are not repealed. Your fate is no different to what the Khalsa did to Sirhind. Waheguru Ji Ka Khalsa, Waheguru Ji Ki Fateh.
However, Dr. Darshan Pal, the president of Krantikari Kisan Union, has clearly denied any involvement with the new malware attack.
“This farmers’ movement is completely peaceful. Some websites are sending threatening messages related to the Kisan movement through software called ‘SARBLOH RANSOMWARE’ which is not related to the Samyukta Kisan Morcha or the farmer organisations of Punjab.”
The ransomware appears to be named after the ‘Sarbloh Granth,’ a book of scriptures related to Sikhism.
How does this ‘Sarbloh’ ransom attack work and are you at risk of being attacked?
Ransomware is malware that attacks your device, encrypts all your personal data and changes the file extensions. For example, if you are attacked by Sarbloh, all your files would look like jpg.sarbloh, png.sarbloh, doc.sarbloh. This blocks you from accessing your personal data and files unless you pay a certain amount of ransom to the hacker. This kind of malware can enter your device through e-mails, messages, downloaded files, videos and cracked software.
“At this point, it is not clear how the malicious document is reaching users. Likely, it is being delivered through spam emails, which is the most used delivery mechanism in such attacks,” said Himanshu Dubey, Director, Quick Heal Security Labs.
How can you protect your PC from this ‘Sarbloh’ ransom attack?
There aren’t any special precautionary measures. All you have to do is make sure you don’t download files from untrusted websites and sources. Avoid clicking on links that are untrusted or unsecured. Make sure you have a firewall activated on your computer or laptop. Do not open spam emails or follow any links attached to them. Be careful while browsing, and do not open websites that expose your IP address. Always keep a backup ready in case any such ransomware attacks your device.
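The renamed-extension behaviour and the backup advice above can be combined into a triage check. The script below is an added example, not code from Quick Heal or the original article: it inventories files carrying the .sarbloh extension and reports which of them have a copy in a backup. It assumes the extension is appended to the original file name and that the backup mirrors the scanned folder layout; the function names and paths are hypothetical.

```python
import os
import sys
from collections import Counter

MARKER = ".sarbloh"  # extension named in the article, matched case-insensitively


def find_encrypted(root):
    """Return (hits, per_dir) for files under root whose name ends in MARKER.

    hits is a list of (path, original_name) pairs. per_dir maps each affected
    directory to (renamed_count, total_files) so heavily hit folders stand out.
    """
    hits, renamed, totals = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            totals[dirpath] += 1
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                # Assumption: stripping the marker gives back the original name.
                hits.append((os.path.join(dirpath, name), name[: -len(MARKER)]))
                renamed[dirpath] += 1
    per_dir = {d: (renamed[d], totals[d]) for d in renamed}
    return hits, per_dir


def restore_plan(hits, backup_root, scan_root):
    """Split hits into files with a same-named backup copy and files without one."""
    covered, missing = [], []
    for path, original in hits:
        rel_dir = os.path.relpath(os.path.dirname(path), scan_root)
        candidate = os.path.normpath(os.path.join(backup_root, rel_dir, original))
        (covered if os.path.isfile(candidate) else missing).append(path)
    return covered, missing


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: triage.py <folder-to-scan> <backup-folder>")
    scan_root, backup_root = sys.argv[1], sys.argv[2]
    hits, per_dir = find_encrypted(scan_root)
    covered, missing = restore_plan(hits, backup_root, scan_root)
    for directory, (count, total) in sorted(per_dir.items()):
        print(f"{directory}: {count}/{total} files renamed")
    print(f"{len(covered)} restorable from backup, {len(missing)} without a backup copy")
```

The script only reads file names, so it can be run against a mounted copy of the affected disk without modifying anything on it.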