Posted on November 28, 2017 at 4:42 PM

Latest Ransomware Attacks Targeted Over 12.5 Million Email Accounts

The latest Scarab ransom malware is thought to be the biggest botnet to date.

Millions of devices are considered to be vulnerable to attack following the latest ransomware campaigns which destroy a victim’s files unless a victim agrees to pay a ransom fee in Bitcoin.

The latest Scarab malware is currently being circulated by the world’s largest email spam botnet, Necurs, which has been involved in a number of previous attack campaigns.

During the latest attack campaign, the botnet was able to send over 12.5 million emails within the campaign’s first six hours which contained the malware. At its peak performance level, Necurs was able to send over two million emails per hour.

How To Spot A Malicious Email

Experts generally agree that if you’re being sent emails that you didn’t ask for, those emails likely contain malicious content. Therefore it is best practice to never open up unsolicited emails, especially if they contain attachments.

So far, security experts gathered that emails originating from the Scarab attack campaign uses image scans from printers in their subject lines. Brands of printers and scanners used include HP, Canon, Lexmark, and Epson, which often misleads victims of the email’s legitimacy. However, fraudulent emails are generally fraught with spelling and grammatical errors, which could help potential victims identify emails with malicious intent.

In addition, any unsolicited email with attachments in 7zip format, are likely to be harmful.

Malicious emails and attachments can often reach a victim’s email inbox without triggering any antimalware programmes or DDoS protection security measurements. The latest attack campaign was first reported by the Texas-based security firm, Forcepoint. According to security experts from Forcepoint, they detected email attachments with malicious intent that was hidden is so-called scanned documents.

However, once a user downloaded and opened the malicious attachment, the virus soon infiltrates and hijacks a user’s computer and threatens to delete the victim’s permanently unless a ransom is paid. So far users have been mostly targeted in Australia, the US, UK, Germany, and France. Fortunately, Scarab seems to have triggered the majority of available anti-virus and antimalware software.

In addition, security experts confirmed that targeted Windows users could delete the malware by installing and running certain antimalware programmes. According to security researchers from Forcepoint, Scarab is the latest addition to a ransomware campaign which was discovered earlier this year. The researchers, Roland Dela Paz and Ben Gibney confirmed that once a device is infected, the malware encrypts a victim’s files.

Shortly following infection, a victim will receive a ransomware note in .Txt format labeled “If You Want To Get All Your Files Back, Please Read This”.

How Do Botnets Operate?

The term botnet refers to a network which consists of several IoT devices, including smartphones and PCs, which have previously been affected by malware, and is currently being illicitly used for nefarious purposes.

More often than not, users are unaware of their devices being infected by a botnet.

As soon as a hacker has infiltrated a device with its botnet, they can hijack the device, and use in conjunction with compromised devices in order to carry out malicious campaigns.

Botnets can conduct several harmful activities such as:

• Using the device to conduct DDoS attacks which could cause websites to shut down.
• Distributed harmful spam emails.
• Create fraudulent internet traffic in order to benefit the hacker financially.
• Swap out banner ads in a victim’s web browser.
• Create pop-up ads that advertise fraudulent anti-virus programmes to affected victims.

Surprisingly, security researchers noted, the current ransom note does not that the specific amount it requires as ransom. Instead, the note states that prices will vary depending on the victim’s response time.

The victim’s device automatically opens the ransomware note following infection.

What is a Ransomware Attack?

Ransomware refers to an attack method often employed by cybercriminals for personal financial gain.

Once a victim’s device has been infected, the responsible hacker will demand a ransom fee before removing the malicious code from an infected device.

Attacks are usually spread by injecting fraudulent emails, links, or attachments with malicious content that was created to compromise the device. The notorious ransomware attack “WannaCry” affected the NHS system just last month. The attack affected the NHS’s computer network which consisted of PC’s, emergency bleepers, and phones in medical environments such as hospitals and doctor’s rooms.

In most cases, ransomware attacks encrypt a device’s documents and demand ransomware from the user in order to regain access to the files. Once affected, a user can only view a file with instructions on how to pay the ransom, as well as the actual attack’s program. Ransomware can spread through connected devices in the same network, which could be particularly damaging for businesses.

Experts have advised that users can avoid similarly damaging attacks by double-checking all their apps’ permissions, avoiding unsolicited emails, and refrain from installing apps from unknown origins.