Security researchers have detected a massive spam campaign, delivering Scarab crypto-malware into email inboxes all over the world. Necurs botnet plays a huge part in the transmission of this infection as it as already managed to send around 2 million malicious emails per hour.
This means that the number of targeted people/victims increases drastically. Necurs had been noticed to be involved with a number of other crypto-viruses, like, Locky, Diablo6, Globe Imposter and others. Now, it has taken Scarab ransomware under its wing.
Necurs botnet began its email campaign on 23rd of November and in only six hours, it managed to send 12.5 million letters. Fake messages had subjects of “Scanned From [name of a company]”. Therefore, emails can differ for individual victims and the campaign could still be ongoing.
Messages will attempt to convince people that attachments will deliver only scanned images. However, email letters spread 7zip archives that also carried Visual Basic Scripts. The malicious codes will download and run the actual Scarab ransomware. Soon enough, many of the victims’ digital files become encoded.
First of all, what is Scarab crypto-virus?
Scarab infection is a persistent sample of ransomware. It was first detected in the summer of 2017, but researchers did not detect its activity until the end of November. In the deceitful email messages that are sent by Necurs botnet, victims are recommended to download a specific .zip file. What users do not realize is that once this file is launched, operating system will become infected with a payload of Scarab ransomware.
The crypto-malware appends an original extension to the encrypted digital data: [[email protected]].scarab. If victims would wish to contact hackers, they can do this by sending messages to [email protected] email address.
However, this will won’t be of a much help. Weirdly enough, the ransom note of Scarab crypto-malware has no mention of the actual amount of the ransom. Hackers explain that the sooner victims will contact hackers (via email), the smaller the ransom will be.
Do not download attachments that might deliver Scarab ransomware
Spam campaigns are more frequent then you think. If users would check their “spam” folder, they would be able to see the exact number of ridiculous messages they receive. Of course, it might be that an email address has never been involved in security breaches. As a result, hackers do not target it. However, if you notice letters that have subjects of “Scanned From [name of a company]”, remove it from your inbox without any hesitation. Of course, a general advice would be to backup important digital data.
Source: labsblog.f-secure.com.
