Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Sarbloh Ransomware Supports Indian Farmers’ Protest

New Sarbloh Ransomware Supports Indian Farmers’ Protest

A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers.

Last year the Indian government passed a new set of laws called the ‘Indian agriculture acts of 2020’, also known as the Farm Bills, which the government says is necessary to modernize its agricultural industry.

Farmers believe that these new laws will hurt their livelihoods and make it more challenging to generate revenue as the new laws removed restrictions on how farmers can sell goods and for how much.

Since November 2020, thousands of Indian farmers have been protesting these bills outside of New Delhi.

New Sarbloh ransomware supports the Indian farmers

As detailed by numerous security firms, including MalwarebytesCyble, and QuickHeal, a new ransomware known as ‘Sarbloh’ is being distributed through malicious Word documents that contain a political message in support of Indian farmers.

It is unknown whether the malicious Word document is sent via phishing emails or another method, but when opening it, users will be prompted to ‘Enable Content’ to view its content correctly.

Malicious Word document

Also Read: How a Smart Contract Audit Works and Why it is important

When the button is press, the Word document’s macros will download a file called putty.exe using bitsadmin.exe to the Documents folder and then executed.

When executed, the ransomware will encrypt files on the computer that match certain file types and append the .sarbloh to the file’s name. For example, the file 1.jpg would be encrypted and renamed to 1.jpg.sarbloh.

Sarbloh encrypted files

After the files on the computer have been encrypted, a ransom note will be created called README_SARBLOH.txt that contains a message supporting the farmers in India.

Sarbloh ransom note

The full text of this ransom note can be read below:


Using military grade EnCryPtiOn all the files on your system have been made useless.

India, Sikhs have long been the face against the oppression placed upon them.
Each time we have resisted.
Today you come for the very throats of Hindu, Sikh, and Muslim farmers by trying to take their livelihood.
You will not succeed in your sinister ways.
The two-sided sword of the Khalsa is at any moments notice. Tyaar bar tyaar.
Wherever our blood is spilled, the tree of Sikhi uproots from there.
If your intentions for the farmer’s are pure and
you wish to help them, this is not the way.
Halemi Raj, Sikh Raj, was not this way.

If the laws are not repealed. Your fate is no
different to what the Khalsa did to Sirhind.

Waheguru Ji Ka Khalsa, Waheguru Ji Ki Fateh

Khalsa Cyber Fauj

The ransomware appears to be named after the ‘Sarbloh Granth,’ a book of scriptures related to Sikhism.

According to Michael Gillespie, Sarbloh is based on open-source ransomware known as KhalsaCrypt that unfortunately has no known weaknesses.

Also Read: Data Centre Regulations Singapore: Does It Help To Progress?

However, unlike other ransomware, Sarbloh does not remove shadow volume copies, so it may be possible to recover files through shadow volumes.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us