World's Biggest Botnet Only Sent 12.5 1 G M Emails Amongst Scarab Ransomware

H5N1 massive malicious electronic mail crusade that stems from the world's largest spam botnet Necurs is spreading a novel strain of ransomware at the charge per unit of measurement of over ii meg emails per hr in addition to hitting computers across the globe.

The pop malspam botnet Necrus which has previously flora distributing Dridex banking trojan, Trickbot banking trojan, Locky ransomware, in addition to Jaff ransomware, has right away started spreading a novel version of Scarab ransomware.

According to F-Secure, Necurs botnet is the most prominent deliverer of spam emails alongside 5 to 6 meg infected hosts online monthly in addition to is responsible for the biggest unmarried malware spam campaigns.

Scarab ransomware is a relatively novel ransomware household unit of measurement that was initially spotted past times ID Ransomware creator Michael Gillespie inwards June this year.

Massive Email Campaign Spreads Scarab Ransomware

According to a blog post published past times safety draw solid Forcepoint, the massive electronic mail crusade spreading Scarab ransomware virus started at exactly about 07:30 UTC on 23 Nov (Thursday) in addition to sent most 12.5 meg emails inwards exactly 6 hours.

The Forcepoint researchers said "the bulk of the traffic is beingness sent to the .com top-level domain (TLD). However, this was followed past times region-specific TLDs for the United Kingdom, Australia, France, in addition to Germany."

The spam electronic mail contains a malicious VBScript downloader compressed alongside 7zip that pulls downward the concluding payload, alongside ane of these dependent plain lines:

• Scanned from Lexmark
• Scanned from Epson
• Scanned from HP
• Scanned from Canon

As alongside previous Necurs botnet campaigns, the VBScript contained a issue of references to the widely watched serial Game of Thrones, similar the strings 'Samwell' in addition to 'JohnSnow.'

The concluding payload is the latest version of Scarab ransomware alongside no modify inwards filenames, but it appends a novel file extension alongside ".[suupport@protonmail.com].scarab" to the encrypted files.

Once done alongside the encryption, the ransomware in addition to thus drops a ransom Federal Reserve annotation alongside the filename "IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT" inside each affected directory.

The ransom Federal Reserve annotation does non specify the total beingness demanded past times the criminals; instead, it simply states that "the cost depends on how fast yous [the victim] write to us."

However, Scarab ransomware offers to decrypt 3 files for costless to show the decryption volition work: "Before paying yous tin hand notice transportation us upward to 3 files for costless decryption."

Protection Against Ransomware

To safeguard against such ransomware infection, yous should ever last suspicious of whatever uninvited document sent over an electronic mail in addition to should never click on links provided inwards those documents unless verifying the source.

Most importantly, proceed a skillful backup routine inwards house that makes their copies to an external storage device that is non ever connected to your PC inwards social club to ever convey a tight suitcase on all your of import files in addition to documents.

Moreover, brand certain that yous run an active anti-virus solution on your system, in addition to ever browse the Internet safely.

Share This :