scarab ransomware
If you keep a close eye on the cybersecurity world, you must be knowing about Necurs botnet, which is one of the biggest botnets this world has seen. It’s known for playing a major role in spreading Locky ransomware and Dridex banking trojan. Over the course of past one year, it has expanded this list and included other malware strains as well.

In the latest development, Necurs botnet is being used to spread a spam campaign with Scarab ransomware. F-Secure security firm spotted the attack campaign which had malicious VBScript downloaders compressed with 7zip. The script also contains several ‘Game of Thrones’ references, including JohnSnow and Samwell.

Within six hours of the first attack, 12.5 million emails were distributed, which is about two million messages per hour.

It’s worth noting that email subject lines are “Scanned from (printer company name).” This theme is widely known to have been utilized for Locky ransomware. Here’s how to spot one:

scarabemail sample
Image: Sample email

Coming back to Scarab, it’s a relatively new ransomware, based on open source ransomware proof-of-concept named HiddenTear. It was discovered in June by Michael Gillespie, according to Forcepoint.

Once the ransomware infects a machine, it encrypts files and adds “[[email protected]].scarab” extension to affected files. A ransom note with filename “IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT” is also dropped in the affected directory.

Ransom Note

While the note doesn’t specify how much is the ransom, it states “the price depends on how fast you write to us”. The use of an email-based payment system has been seen this year often, including the NotPetya attack.

Various studies and surveys have shown that ransomware attacks are the fastest growing malware type. So, you must follow the best internet practices and avoid clicking on suspicious links in email or social networking websites.

Also Read: Young “Daeshgram” Hackers Flood Official ISIS Propaganda Channels With Porn