Sarbloh ransomware aims at supporting Indian Farmers’ Protest


The attackers behind the Sarbloh ransomware are not looking for money and do not demand a ransom; instead, they seek support for the Farmers’ Protest in India.

Hackers never refrain from exploiting a burning political issue. The Indian government has been facing severe backlash and protests by farmers over the Indian agriculture act of 2020, also called the Farm Bill.


The Indian government attempted to make changes to the country’s agriculture system. This presents threat actors with an ideal opportunity to benefit from the political unrest that has been going on for the past 100 days.


Hackers Exploiting Farmer Protests in India


According to researchers at Quick Heal, a new ransomware strain called Sarbloh has been detected targeting political entities linked to the farmer protests.




Researchers claim that this ransomware campaign is agenda-driven as the ransomware distributors aren’t asking for a ransom payment but are focusing on keeping the targeted systems offline.


How is Sarbloh Delivered?


The Sarbloh ransomware strain can encrypt documents, audio, images, databases, videos, and various other file types, and appends the .sarbloh extension to them. The payload is distributed through a macro-laden document containing heavily obfuscated VBA code, which arrives by email.
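A triage sketch for the two artifacts described above, added here as an example (it is not code from the article or from the researchers): it lists files carrying the .sarbloh extension and flags Office documents that contain a VBA project, checking content rather than trusting the file name. The sample file names and directory layout are constructed placeholders.

```python
import os
import tempfile
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
OFFICE_EXTS = {".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx"}

def has_vba_project(path):
    """True if an OOXML file (a ZIP) carries a vbaProject.bin macro part."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def triage(root):
    """Walk root; return (encrypted_files, macro_docs, legacy_ole_docs)."""
    encrypted, macro_docs, legacy = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext == ".sarbloh":
                encrypted.append(path)
            elif ext in OFFICE_EXTS:
                if has_vba_project(path):
                    macro_docs.append(path)
                else:
                    with open(path, "rb") as fh:
                        if fh.read(8) == OLE_MAGIC:
                            legacy.append(path)  # needs a macro-aware tool
    return sorted(encrypted), sorted(macro_docs), sorted(legacy)

def build_sample(root):
    """Constructed sample tree: harmless placeholder files only."""
    with open(os.path.join(root, "report.pdf.sarbloh"), "wb") as fh:
        fh.write(b"constructed placeholder")
    with zipfile.ZipFile(os.path.join(root, "lure.docm"), "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    with zipfile.ZipFile(os.path.join(root, "clean.docx"), "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
    with open(os.path.join(root, "old.doc"), "wb") as fh:
        fh.write(OLE_MAGIC + b"\x00" * 16)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, macros, legacy = triage(tmp)
        print("encrypted:", enc)
        print("macro documents:", macros)
        print("legacy OLE documents:", legacy)
```

Legacy OLE documents are only listed, not parsed, because confirming macros in that format needs a dedicated OLE parser.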





Malicious email



The malware distributors lure the email recipient into opening it by creating content that appears nationalistic. The victims are urged to enable content to view the file. If they do, the sarbloh ransomware supporting indian farmers protest