Indian Official Highlights Djvu Ransomware as Threat

Djvu Camouflages Itself as Cracked Software
The rise in known ransomware attacks in India is being propelled in large measure by malware that masquerades as legitimate software.

Figures from the Indian Computer Emergency Response Team show known ransomware incidents grew by 51% during the first six months of 2022. Djvu ransomware - a variant of Stop ransomware - "is very common," said Deepak Kumar, a senior cyber intelligence and digital forensics officer at the Ministry of Home Affairs' Cyber Crime Coordination Center.

"In India, maximum companies are getting attacked by Djvu-Stop ransomware. We have seen various cases of Djvu including its variants," Kumar said during a webinar, Money Control reported.

Djvu gains entry by camouflaging itself as legitimate software, often posing as a proprietary application whose activation key has supposedly been cracked by hackers, researchers from BlackBerry wrote recently. First spotted in 2018, Djvu often hits consumers who torrent pirated software or download a keygen program to circumvent software licensing.

Its operators have recently linked up with operators of info stealers, dropping the Arkei variant of the Vidar Stealer and Redline Stealer onto infected systems, BlackBerry said. Djvu itself is delivered as a payload of the known malware dropper family SmokeLoader, researchers also say.

The nationality of Djvu's coders is unknown, but - as with most ransomware criminals - it's a good bet that they're located somewhere in the former Soviet Union. One of the first steps BlackBerry researchers say Djvu takes after infecting a computer is to check the machine's location via its IP address. Djvu aborts the infection when the IP address maps to one of a slew of former Soviet countries, including Russia, Belarus, Armenia and Kazakhstan - as well as Syria, a Middle Eastern country whose governing regime's survival was bolstered significantly by Russian intervention in an ongoing civil war.


About the Author

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.