November 29, 2017
By Shane Schick 2 min read

More than 12.5 million email accounts were hit with the infamous Necurs botnet, and within six hours were victims of an attack involving Scarab ransomware, according to security researchers.

Texas-based antivirus firm Forcepoint reported that victims were targeted across the U.S., U.K., France, Germany and Australia around Nov. 23. Those infected by Scarab found their machines locked by cybercriminals, who demanded a ransom payment in bitcoin to recover stolen files.

A Time-Sensitive Dilemma

Like other ransomware attacks spread by botnets, the fraudsters behind this attack used simple phishing emails that pretend to come from a printer manufacturer such as Epson, HP, Canon or Lexmark, according to the International Business Times. The messages included a zip folder that appeared to contain real files that had been scanned by a third party.

The behavior of Scarab is interesting because it adds a misspelled version of the word “support” to the files it has encrypted and then uses Notepad to relay the ransom message, according to the Forepoint report. The message walks through the nature of the threat and even includes a primer on how to get bitcoin.

Perhaps more alarming, the message notes that the price of the ransom depends on the speed at which victims respond to the extortion. To pay up, victims can opt to use Bitmessage, a communication tool for the bitcoin community, or simply send an email to an attacker-controlled address specified in the message. This puts victims in a challenging position, given the speed at which botnets can spread this type of infection.

The Necurs Botnet Is Old News

Although the Scarab ransomware only emerged this past summer, Bleeping Computer noted that the use of botnets such as Necurs to give fraudsters immediate global reach is a long-standing trend.

In this case, it’s possible that more than one cybergang joined forces to use Necurs and Scarab in tandem. This could make tracking down the culprits — let alone recovering lost or hijacked files — even more difficult for security researchers.

 |  |  |  |  | 
Shane Schick
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.

More from

Endpoint   March 20, 2023

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

News   March 20, 2023

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers.A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords for…

Risk Management   March 20, 2023

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…

Security Services   March 17, 2023

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature