World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware

in malware •  7 years ago 

A massive malicious email campaign that stems from the world's largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe.
The popular malspam botnet Necurs, which has previously been found distributing the Dridex banking trojan, the Trickbot banking trojan, Locky ransomware, and Jaff ransomware, has now started spreading a new version of Scarab ransomware.
According to F-Secure, Necurs botnet is the most prominent deliverer of spam emails with five to six million infected hosts online monthly and is responsible for the biggest single malware spam campaigns.
Scarab ransomware is a relatively new ransomware family that was initially spotted by ID Ransomware creator Michael Gillespie in June this year.

Massive Email Campaign Spreads Scarab Ransomware

 According to a blog post published by security firm Forcepoint, the massive email campaign spreading Scarab ransomware virus started at approximately 07:30 UTC on 23 November (Thursday) and sent about 12.5 million emails in just six hours.
The Forcepoint researchers said "the majority of the traffic is being sent to the .com top-level domain (TLD). However, this was followed by region-specific TLDs for the United Kingdom, Australia, France, and Germany."
The spam email contains a malicious VBScript downloader compressed with 7zip that pulls down the final payload, with one of these subject lines:

  • Scanned from Lexmark
  • Scanned from Epson
  • Scanned from HP
  • Scanned from Canon

As with previous Necurs botnet campaigns, the VBScript contained a number of references to the widely watched series Game of Thrones, like the strings 'Samwell' and 'JohnSnow.'
The final payload is the latest version of Scarab ransomware with no change in filenames, but it appends a new file extension with ".[[email protected]].scarab" to the encrypted files.
Once done with the encryption, the ransomware then drops a ransom note with the filename "IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT" within each affected directory.
The ransom note does not specify the amount being demanded by the criminals; instead, it merely states that "the price depends on how fast you [the victim] write to us."
However, Scarab ransomware offers to decrypt three files for free to prove the decryption will work: "Before paying you can send us up to 3 files for free decryption."
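
As an added example (not from Forcepoint or the original article), the indicators described above can be turned into a small mail and file triage check. The sample messages, addresses and attachment names are constructed, and matching on the 7z file signature in addition to the file name is an assumption about how a defender would want to check the attachment.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the article: subject lines, 7zip attachment,
# ransom-note filename and the ".scarab" suffix on encrypted files.
SUBJECT_RE = re.compile(r"^\s*Scanned from (Lexmark|Epson|HP|Canon)\b", re.I)
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # standard 7z archive signature
RANSOM_NOTE = "IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT"

def triage_message(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        # Check the signature as well as the name: names are sender-chosen.
        if name.endswith(".7z") or body.startswith(SEVENZIP_MAGIC):
            reasons.append("7z-attachment")
            break
    return reasons

def is_host_artifact(filename: str) -> bool:
    """True for the ransom note or a file carrying the .scarab suffix."""
    return filename.upper() == RANSOM_NOTE or filename.lower().endswith(".scarab")

def build_sample(subject: str, attach_name: str, data: bytes) -> bytes:
    """Constructed test message; addresses and names are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "copier@example.com", "user@example.com", subject
    m.set_content("Constructed sample body.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=attach_name)
    return m.as_bytes()

if __name__ == "__main__":
    hit = build_sample("Scanned from HP", "scan_sample.7z", SEVENZIP_MAGIC + b"\x00\x04")
    miss = build_sample("Quarterly report", "report.pdf", b"%PDF-1.4")
    print(triage_message(hit), triage_message(miss))
```

A message that matches both reasons is a strong candidate for quarantine; the subject line alone is weak evidence, since genuine scan-to-email devices use similar wording.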

Protection Against Ransomware

To safeguard against such ransomware infection, you should always be suspicious of any uninvited document sent over email and should never click on links provided in those documents without first verifying the source.
Most importantly, keep a good backup routine in place that copies your important files and documents to an external storage device that is not always connected to your PC, so that you always keep a tight grip on them.
Moreover, make sure that you run an active anti-virus solution on your system, and always browse the Internet safely. 


Google LLC is an American multinational technology company that specializes in Internet-related services and products. These include online advertising technologies, search, cloud computing, software, and hardware.

Give me a vote, please, to encourage me.

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://thehackernews.com/2017/11/necrus-scarab-ransomware.html