A new version of the scarab ransomware reaches 12 million users

Throughout this year we have spoken on many occasions about ransomware. Now, a new version of the Scarab ransomware has just been discovered and is being distributed worldwide through a massive spam campaign. This campaign is being promoted by the botnet called Necurs. So far it is said to have already reached 12 million users.

A new version of the Scarab ransomware reaches 12 million users

This Necurs botnet has already been used in other campaigns to launch malicious programs such as Locky, Trickbot or Dridez. The current spam campaign started a few hours ago and appears to be still active according to security experts. The sheer volume of it, with 12.5 million malicious emails sent, has surprised many.

Scarab ransomware

So it seems that Necurs' business is working perfectly, as it has been extremely busy for the past few weeks. Necurs botnet is the largest spam provider that we can find. It generally has between 5 and 6 million infected hosts every month. It is responsible for the largest spam and malware campaigns in the world. Now, he is responsible for launching Scarab.

It is a new variant of a ransomware that was already detected last June. This time, the messages contain supposedly scanned images for users to open the file. But what happens when you open them is that they infect you with Scarab.

The emails contain a 72zip file with a Visual Basic script, similar to the one used in the Locky malware campaign in September. Therefore, if you receive an unknown message or one that does not ring a bell, do not open it, much less open the attached files.