
Sarbloh Ransomware

Posted: March 9, 2021

The Sarbloh Ransomware is a file-encryption Trojan whose authors appear to be sympathetic to the ongoing protests of Indian farmers. However, the fact that the Sarbloh Ransomware supports a noble cause certainly does not mean that its authors are up to any good: the malware will encrypt files on compromised computers and then drop a ransom note explaining the situation. Surprisingly, the authors of the Sarbloh Ransomware do not ask their victims to pay money, nor do they provide any contact details. Instead, they simply say that the victim's files will be decrypted automatically when the demands of the Indian farmers are met by the government.

It is not clear what method the authors of the Sarbloh Ransomware are using to propagate the malware, but it seems that some of the victims got infected by opening a corrupted document related to the ongoing protests. Users who interact with the fake document are asked to enable the execution of macros to view its content – if this is allowed, the Sarbloh Ransomware will begin its attack.

Files locked by the Sarbloh Ransomware are marked with the '.sarbloh' extension. The ransomware goes after a long list of file formats to ensure that its attack will cause significant damage. The ransom message is dropped at the end of the attack, and it is usually found under the name 'README_SARBLOH.txt'. Unfortunately, the Sarbloh Ransomware's encryption routine is considered to be unbreakable, so its victims would be unable to rely on free decryption software. However, it is important to mention that the Sarbloh Ransomware does not try to delete Windows' Shadow Volume Copies, which may allow reputable data recovery software to restore some of the damaged files. This is the only thing that victims of the Sarbloh Ransomware can do to try and recover some of their data.
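The indicators named above can drive a read-only triage sweep. The following is an added example, not code from the original article; it assumes the '.sarbloh' extension is appended to the original file name, and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".sarbloh"          # extension named in the article
RANSOM_NOTE = "readme_sarbloh.txt"  # note name from the article, lower-cased

def triage(root):
    """Walk root and summarise Sarbloh indicators without modifying anything."""
    notes, locked, per_dir = [], {}, Counter()
    # Unreadable directories are skipped rather than aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT) and len(lower) > len(ENCRYPTED_EXT):
                # Assumption: the extension is appended to the original name,
                # so stripping it gives the path to look for in a shadow copy.
                locked[path] = path[: -len(ENCRYPTED_EXT)]
                per_dir[dirpath] += 1
    return {"notes": sorted(notes), "locked": locked, "per_dir": dict(per_dir)}

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = ["docs/report.docx.sarbloh", "docs/budget.xlsx.SARBLOH",
              "docs/README_SARBLOH.txt", "pics/photo.jpg", "pics/.sarbloh"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print("ransom notes:", result["notes"])
        for enc, orig in sorted(result["locked"].items()):
            print("locked:", enc, "-> restore target:", orig)
        print("per directory:", result["per_dir"])
```

The "restore target" paths are the names to look for inside a Shadow Volume Copy, and the per-directory counts show where the damage is concentrated.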

To prevent the Sarbloh Ransomware and similar threats from damaging your computer or data, you should protect your system with the use of a regularly updated anti-virus solution.
