The pop malspam botnet Necrus which has previously constitute distributing Dridex banking trojan, Trickbot banking trojan, Locky ransomware, in addition to Jaff ransomware, has forthwith started spreading a novel version of Scarab ransomware.
According to F-Secure, Necurs botnet is the most prominent deliverer of spam emails amongst v to vi i 1000 k infected hosts online monthly in addition to is responsible for the biggest unmarried malware spam campaigns.
Scarab ransomware is a relatively novel ransomware menage unit of measurement that was initially spotted yesteryear ID Ransomware creator Michael Gillespie inward June this year.
Massive Email Campaign Spreads Scarab Ransomware
The Forcepoint researchers said "the bulk of the traffic is beingness sent to the .com top-level domain (TLD). However, this was followed yesteryear region-specific TLDs for the United Kingdom, Australia, France, in addition to Germany."
The spam e-mail contains a malicious VBScript downloader compressed amongst 7zip that pulls downwardly the concluding payload, amongst i of these discipline lines:
- Scanned from Lexmark
- Scanned from Epson
- Scanned from HP
- Scanned from Canon
As amongst previous Necurs botnet campaigns, the VBScript contained a issue of references to the widely watched serial Game of Thrones, similar the strings 'Samwell' in addition to 'JohnSnow.'
The concluding payload is the latest version of Scarab ransomware amongst no modify inward filenames, but it appends a novel file extension amongst ".[suupport@protonmail.com].scarab" to the encrypted files.
Once done amongst the encryption, the ransomware in addition to then drops a ransom banker's complaint amongst the filename "IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT" inside each affected directory.
The ransom banker's complaint does non specify the total beingness demanded yesteryear the criminals; instead, it simply states that "the cost depends on how fast y'all [the victim] write to us."
However, Scarab ransomware offers to decrypt 3 files for complimentary to evidence the decryption volition work: "Before paying y'all tin sack ship us upwards to 3 files for complimentary decryption."
Protection Against Ransomware
To safeguard against such ransomware infection, y'all should ever go suspicious of whatsoever uninvited document sent over an e-mail in addition to should never click on links provided inward those documents unless verifying the source.
Most importantly, proceed a skillful backup routine inward house that makes their copies to an external storage device that is non ever connected to your PC inward social club to ever accept a tight traveling pocket on all your of import files in addition to documents.
Moreover, brand certain that y'all run an active anti-virus solution on your system, in addition to ever browse the Internet safely.
