Forcepoint security researchers have spotted a massive email cyber campaign that uses the infamous Necurs botnet to push new ransomware dubbed “Scarab“.
The campaign kicked off on Thursday and totaled 12.5 million emails that were captured as of the writing of the Forcepoint report.
The email uses a similar theme used in Locky ransomware campaign distributed by Necurs – to include the subject line “Scanned from {printer company name}” and a 7Zip attachment that contains a VBScript downloader.
Once a user clicks on the attachment, the ransomware payload Scarab is installed and proceeds to encrypt the victim’s files and adds the extension “.[[email protected]].scarab” along with a ransom note on how victims can get their files back.
Note the word support was also misspelled due to possible availability of email addresses.