Light Dark
October 19, 2017 By Shane Schick 2 min read

The cybercriminals behind the Necurs botnet are now taking screenshots of victims’ machines to improve the performance of their ransomware attacks, according to security researchers.

Experts at Symantec first disclosed a new Necurs downloader designed to gather telemetry data from infected computers, which could potentially help the cybergang determine when its ransomware is aimed at particularly lucrative victims. Any faulty issues with the downloader itself will be reported back to the Necurs team, which is responsible for malware such as Locky and the sinister TrickBot banking Trojan.

Necurs Spies on Victims to Refine Ransomware Attacks

According to ZDNet, there had been little evidence of activity from Necurs during the first half of the year. More recently, however, Locky ransomware attacks have been on the rise via messages laden with malware, suggesting that the cybercriminals behind the bot have been taking pains to make it even stronger.

Whereas a legitimate software company might lean on its users to alert them to problems, sending back error data and collecting screen grabs is the attackers’ way of bolstering Necurs’ effectiveness by themselves.

According to Gaurav Banga, CEO and founder of risk management firm Balbix, cybercriminals are acting less like rogue hackers and more like highly organized corporations who treat ransomware attacks as their product, SC Magazine reported. Potential victims will need to be even more organized and aware of the dangers before they’re hit.

Fortunately, the forces behind Necurs are not being very innovative in the area of phishing email messages. IT Wire reported that victims tend to receive something that looks like an invoice. Clicking on an embedded link then launches either Locky or TrickBot, infecting the user’s desktop and also taking screen shots as part of the infection process when the ransomware attacks begin.

An Ominous Threat

The latest downloader variant could mean that Necurs wants to spend less time targeting wary computer users, Bleeping Computer suggested. Telemetry data could help identify large enterprises where ransomware attacks could lead to bigger payoffs.

The fact that these cybercriminals are being so methodical in their approach — and so diligent about fixing their mistakes — makes Necurs a particularly ominous threat.

 |  |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature