The Indian Computer Emergency Response Team (CERT-In) has warned users against ViperSoftX, an information stealing malware and Royal Ransomware that has been targeting multiple critical infrastructure sector, the agency said in recent advisories.
In advisories dated May 2 and May 3 respectively, the nodal agency for cybersecurity warned against these ongoing cyber attacks and recommended several best practices to organisations to safeguard data and their network infrastructure.
This comes a few weeks after CERT-In, in a report, stated that there has been a 53 per cent increase in ransomware incidents in India in 2022 when compared to 2021. Earlier the government had also informed in the Parliament that 19 ransomware attacks were recorded against various government organisations in 2022
This report also comes at a time when Indian government websites have been reported of being targeted by Indonesian hacktivists, and few months after All India Medical Institute of Medical Sciences suffered a major ransomware breach that rendered several of its services inaccessible.
Royal Ransomware
"It has been reported that a ransomware, dubbed “Royal ransomware” is targeting multiple crucial infrastructure sectors including manufacturing, communications, healthcare, education, etc. or individuals. The ransomware encrypts the files on a victim's system and attackers ask for ransom payment in bitcoin. Attackers also threaten to leak the data in public domain also if denied payment," CERT-In said in an advisory.
The agency said that the ransomware spreads through phishing emails, and other forms of social engineering attacks. "Threat actors have followed many tactics to mislead victims into installing the remote access software as a part of callback phishing, where they pretend to be various service providers," it read.
After Royal Ransomware gets access to a network, it disables anti-virus protocols, exfiltrates large amount of data before encrypting them. It adds the ."royal" extension to encrypted file names, CERT-In said.
"It is also observed that Royal ransomware does not share the ransom information like demanded ransom amount, any instructions, etc. on a note like other ransomware, instead of this Royal actors like to connect with the victim directly via a .onion URL route (dark web TOR browser) so they only share the URL on an initial ransom note after encryption. The note will be in README.TXT format," the advisory said.
As a precaution, CERT-In urged organisations to maintain offline backups of data and regularly maintain backups. It also urged organisations to encrypt such data.
"This practice will ensure the organisation will not be severely interrupted, have irretrievable data (sic)," the advisory read.
ViperSoftX Malware
CERT-In also warned users of this malware, which uses sophisticated encrpytion method to steal information from users.
"The Windows malware targets Brave, Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera browsers, and uses several anti-detection, anti-analysis, and stealth-boosting features," the advisory said.
This version of the malware masquerades as a fake software update for multimedia editors, video format convertors or cryptocurrency apps, the advisory reads.
As remedial measures, CERT-In recommended users to download software and applications from official platforms and refrain using pirated software.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
