Indian Official Highlights Djvu Ransomware as Threat
Djvu Camouflages Itself as Cracked Software
The rise in known ransomware attacks in India is being propelled in large measure by malware that masquerades as legitimate software.
Figures from the Indian Computer Emergency Response Team show known ransomware incidents grew by 51% during the first six months of 2022. Djvu ransomware - a variant of Stop ransomware - "is very common," said Deepak Kumar, a senior cyber intelligence and digital forensics officer at the Ministry of Home Affairs' Cyber Crime Coordination Center.
"In India, maximum companies are getting attacked by Djvu-Stop ransomware. We have seen various cases of Djvu including its variants," Kumar said during a webinar, Moneycontrol reported.
Djvu gains entry by camouflaging itself as legitimate software, most often as a cracked copy of a commercial application whose license check has been bypassed, BlackBerry researchers wrote recently. First spotted in 2018, Djvu typically hits consumers who torrent pirated software or download a keygen in order to circumvent software licensing, which means the victim runs the malicious installer willingly and with their own privileges.
Its operators have recently teamed up with info-stealer operators, dropping Vidar Stealer (a fork of the Arkei stealer) and RedLine Stealer onto infected systems alongside the ransomware, BlackBerry says, so a Djvu infection should be treated as a credential-theft incident as well as a data-encryption one. Djvu itself is delivered as a payload of the known malware dropper family SmokeLoader, the researchers add.
The nationality of Djvu's coders is unknown, but - like most ransomware criminals - it's a good bet that they're located somewhere in the former Soviet Union. One of the first steps Djvu takes after landing on a computer, BlackBerry researchers say, is to look up the machine's location from its public IP address. Djvu aborts the infection when the lookup returns one of a slew of former Soviet countries including Russia, Belarus, Armenia and Kazakhstan - as well as Syria, a Middle Eastern country whose governing regime's survival was bolstered significantly by Russian intervention in an ongoing civil war.