Researchers have discovered a new ransomware strain named Scarab, which is now being distributed to millions of users via the Necurs botnet.

According to Forcepoint security researchers, the ongoing spam campaign was first spotted on Thanksgiving Day at 07:30 UTC. Within a few hours, 12.5 million emails carrying the ransomware had been sent out using the Necurs botnet.

Cybersecurity experts including F-Secure, Forcepoint, MalwareHunter, and MyOnlineSecurity have reported on the ongoing spam campaign. The Necurs botnet was previously used to spread other malware such as Locky, Jaff, GlobeImposter, Dridex and Trickbot.

The campaign gained attention when there was a sudden increase in Scarab ransomware detections on ID-Ransomware, a service that helps users identify the type of ransomware that has infected their system.

Scarab follows a pattern similar to other malware spread via the Necurs botnet. Emails disguised as containing scanned images or documents were sent to users, with subject lines chosen to get them opened, such as:

  • Scanned from Lexmark
  • Scanned from HP
  • Scanned from Canon
  • Scanned from Epson

These emails contain a 7-Zip archive holding a Visual Basic script, which downloads and runs the ransomware.

Researchers said that the Visual Basic script contained a reference to Game of Thrones, similar to the Locky ransomware distributed by the Necurs botnet in September.

The first variant of Scarab ransomware was discovered by security researcher Michael Gillespie in June. Later, in July, a second variant was spotted by Malwarebytes security researcher Marcelo Rivera; it used .scorpio as the extension. The latest version uses .scarab as the extension and does not change the file name.

The ransomware also deletes the shadow volume copies and adds a ransom note named "IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT" to the victim's computer. The ransom note gives no details of the amount to be paid, but states that the quicker the user contacts the attackers via email or Bitmessage, the lower the amount to be paid.