
Scarab Ransomware Targets E-mail Accounts

Going online feels increasingly risky as cyber-attacks grow, because the personal data stored on our hard drives works like a magnet for hackers and cyber criminals. Recently, a massive attack took place in which victims were asked to pay a ransom in Bitcoin or face losing their data forever.

The malware is dubbed Scarab, and it uses the Necurs spam botnet to send malicious emails to 12.5 million email accounts. Necurs is said to be the biggest botnet to date, as it can send over two million emails per hour. The attackers used image scans from well-known printer brands like HP, Canon, Lexmark, and Epson to fool users.

According to security experts, the email in this attack is sent with image scans from printers in the subject line. Once the malicious attachment is downloaded and opened, the malware gets into the system and hijacks the machine, threatening to permanently delete the victim's files unless the demanded ransom is paid.


The victim receives a ransom note in .TXT format named “If You Want to Get All Your Files Back, Please Read This”. It opens automatically when the machine is infected.

So far, users in Australia, the US, the UK, Germany, and France have been targeted.

How to identify a malicious E-mail?

Generally, you are advised not to open an E-mail received from an unknown source, as it may contain malicious content. Therefore, as the first line of defense, never open unwanted E-mails, especially if they have an attachment. Also, any E-mail from an unknown source with an attachment in 7zip format should be expected to be harmful.

Plus, the best way to identify E-mails with malicious intent is to check for spelling and grammatical errors, as a fraudulent one would always have them.

Also, malicious E-mails and attachments easily bypass security programs, so don’t blindly rely on them. Be cautious when opening an E-mail or downloading an attachment received in a mail.
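The checks described above (unknown sender, a printer-scan subject line, a 7zip attachment) can be automated for a mailbox. The following is an added example, not code from the article: the function names, the `known_senders` allowlist and the subject pattern are assumptions, and the sample messages are constructed. It also inspects the attachment's first bytes, since a 7zip archive can be renamed to another extension.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"               # 7z archive file signature
PRINTER_BRANDS = ("HP", "Canon", "Lexmark", "Epson")  # brands named in the article
# Assumed wording: a "scan"/"scanned" word followed by one of the brands.
SCAN_SUBJECT = re.compile(
    r"\bscan(?:ned|s)?\b.*\b(?:%s)\b" % "|".join(PRINTER_BRANDS), re.I)

def triage(raw: bytes, known_senders: frozenset) -> list:
    """Return the reasons a message deserves a closer look (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in known_senders:
        reasons.append("unknown sender")
    if SCAN_SUBJECT.search(msg.get("Subject", "")):
        reasons.append("printer-scan subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Check the content as well as the name: the extension can be changed.
        if name.endswith(".7z") or data.startswith(SEVEN_ZIP_MAGIC):
            reasons.append("7zip attachment: " + (name or "<unnamed>"))
    return reasons

def build_sample(sender, subject, filename, payload) -> bytes:
    """Construct a test message (sample data, not a captured e-mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Please find the scanned image attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A message that triggers all three reasons matches the pattern the article describes; a single reason on its own is only a prompt to look more closely.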

How do Botnets Operate?

The term botnet refers to an army of vulnerable devices on a network that have been infected by malware and are currently being used for illegitimate purposes.

Most users are unaware that their devices have been compromised by a botnet, as it is hard for a layman to identify. Once a device is compromised, hackers can easily get into the system and use it however they want to carry out malicious campaigns.

Botnets can perform quite a few harmful activities such as:

  • Use the device for DDoS attacks to shut down a website.
  • Distribute malicious emails.
  • Create fake Internet traffic to financially benefit the hacker.
  • Show pop-up ads with fake anti-virus programs on affected machines.

The current ransomware attack is a bit different: it does not demand a specific amount as ransom. The note says that the ransom amount will vary depending on the victim’s response time.

What is a Ransomware Attack?

Ransomware refers to an attack designed for financial gain.

Once a device is compromised, the hacker demands a ransom to remove the malicious code.

Fraudulent E-mails with malicious links or attachments are used to spread the infection and compromise a device. We have been witnessing many attacks that take advantage of a vulnerability to spread infection and earn money.

Ransomware attackers encrypt important documents and demand a ransom from the user to provide access to the files. Once the machine is infected, the user receives a ransom note with instructions on how to pay the ransom and what will happen if the amount is not paid. It spreads through connected devices in the same network, which could be particularly damaging for businesses.

So, beware of such attacks.
