A massive malicious email campaign that will stems through the globe’s largest spam botnet Necurs can be spreading a completely new strain of ransomware at the rate of over 2 million emails per hour along with hitting computers across the globe.
The well-known malspam botnet Necrus which has previously found distributing Dridex banking trojan, Trickbot banking trojan, Locky ransomware, along with Jaff ransomware, has currently started off spreading a completely new type of Scarab ransomware.
According to F-Secure, Necurs botnet can be the most prominent deliverer of spam emails with 5 to six million infected hosts online monthly along with can be responsible for the biggest single malware spam campaigns.
Scarab ransomware can be a relatively completely new ransomware family that will was initially spotted by ID Ransomware creator Michael Gillespie in June that will year.
Massive Email Campaign Spreads Scarab Ransomware
According to a blog post published by security firm Forcepoint, the massive email campaign spreading Scarab ransomware virus started off at approximately 07:30 UTC on 23 November (Thursday) along with sent about 12.5 million emails in just six hours.
The Forcepoint researchers said “the majority of the traffic can be being sent to the .com top-level domain (TLD). However, that will was followed by region-specific TLDs for the United Kingdom, Australia, France, along with Germany.”
The spam email contains a malicious VBScript downloader compressed with 7zip that will pulls down the final payload, with one of these subject lines:
- Scanned through Lexmark
- Scanned through Epson
- Scanned through HP
- Scanned through Canon
As with previous Necurs botnet campaigns, the VBScript contained several references to the widely watched series Game of Thrones, like the strings ‘Samwell’ along with ‘JohnSnow.’
The final payload can be the latest type of Scarab ransomware with no change in filenames, nevertheless the idea appends a completely new file extension with “.[firstname.lastname@example.org].scarab” to the encrypted files.
Once done with the encryption, the ransomware then drops a ransom note with the filename “IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ that will.TXT” within each affected directory.
The ransom note does not specify the amount being demanded by the criminals; instead, the idea merely states that will “the cost depends on how fast you [the victim] write to us.”
However, Scarab ransomware offers to decrypt three files for free to prove the decryption will work: “Before paying you can send us up to 3 files for free decryption.”
Protection Against Ransomware
To safeguard against such ransomware infection, you should always be suspicious of any uninvited document sent over an email along with should never click on links provided in those documents unless verifying the source.
Most importantly, keep a Great backup routine in place that will makes their copies to an external storage device that will can be not always connected to your PC in order to always have a tight grip on all your important files along with documents.
Moreover, make sure that will you run an active anti-virus solution on your system, along with always browse the Internet safely.