The email subject line says “Scanned from Lexmark” and the attached file is “image2017-11-23-9292134.7z”. Seems legit, right?
You’re expecting a scan or maybe you just weren’t thinking. So you click on the file.
Next thing you know the data on your PC has been encrypted and you see this:
Congratulations, you now have Scarab ransomware!
F-Secure Labs discovered this relatively new variant of ransomware being delivered through the Necurs spam botnet in late November. A botnet is a network of infected internet-connected systems that criminals can use to send out millions of pieces of spam in a hour.
“The Necurs botnet is the biggest deliverer of spam with 5 to 6 million infected hosts online monthly, and is responsible for the biggest single malware spam campaigns,” the Labs’ Päivi Tynninen wrote. “Its service model provides the whole infection chain: from spam emails with malicious malware downloader attachments, to hosting the payloads on compromised websites.”
When you’re sending out tens of millions of spam emails every month, only a tiny percentage of them need to actually infect anyone with ransomware for your efforts to be profitable.
Ransomware is a billion-dollar business because it works.
“And as the simple social engineering themes are effective, Necurs tends to re-use the spam themes in its campaigns, sometimes within a rather short cycle,” Päivi wrote. “In this particular case, the subject lines used in this spam campaign were last seen in a Locky ransomware campaign exactly two weeks ago, the only difference being the extension of the attached downloader.”
So how can you avoid being fooled into giving yourself ransomware?
First all, run top-notch internet security like F-Secure TOTAL that blocks all known threats including Scarab and all the other ransomware that has been delivered by the Necurs spam botnet.
Next, avoid clicking on any attachment if at all possible. F-Secure Labs fond that 80% of attachments in spam emails sent in 2016 were ransomware. And in 2017, chances are any attachment you’re clicking on in a spam email could lead to ransomware.
These two simple steps will help eliminate nearly all ransomware threats from your life. But it won’t stop just enough people from clicking on those attachments. So spread the word.