HomeWinBuzzer NewsNecurs Botnet Is Now Delivering over 12.5 Million Emails with Scarab Ransomware

Necurs Botnet Is Now Delivering over 12.5 Million Emails with Scarab Ransomware

The Scarab ransomware encrypts Windows PCs and breaks recovery options, telling users that the longer they take to pay, the more it will cost. The malware is delivered through the largest email botnet on the planet.


Forcepoint has discovered a scam email campaign that has pushed via at least 12.5 million emails. Scarab, which has been active since November 23, utilizes the Necurs botnet to send out millions of infected emails every hour.

Scarab was first detected by researchers in June, and it now has the backing of the world's biggest email spam botnet behind it. The emails read ‘Scanned from HP/Lexmark/Canon', and has a 7zip file attached.

As in previous iterations, a VBScript file is contained in that file, and the code has several Game of Thrones references. The script mentions Samwell, Jon Snow, and more. Once the payload is delivered, this variant drops a copy of itself, sevnz.exe, in the app data folder.

Time Sensitive Payments

It then informs users, “All your files have been encrypted due to a security problem with your PC. Now you should send  us email with your personal identifier. The will be as confirmation you are ready to pay for decryption key. You have to pay decryption in Bitcoins. The price depends on how fast you write to us.”

Source: Forcepoint

Scarab disables Windows recovery features, encrypts the user's files, and then deletes the original copy of itself. This time, the attackers also have a backup Bitmessage contact incase the email dies.

The note that tells users to contact quickly for a reduced ransom sum is likely to rush them into a decision. Unfortunately, it may be the best course of action for some, as there's no way to decrypt the files at the time of writing.

According to Forcepoint's predictions, ransomware will continue to grow in 2018. It believes these methods won't dissapear any time soon, so it's more important than ever to ultilize proper security practices.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News