SAT News: Scarab Ransomware Outbreak


Nuspire's Security Analytics Team is currently tracking a large-scale spam campaign delivering the Scarab ransomware. The Necurs botnet is responsible for blasting out over 2 million emails per hour with the subject line as follows:

'Scanned from Lexmark'

'Scanned from Epson'

'Scanned from HP'

‘Scanned from Canon'

The emails include a 7-zip attachment. The attachment is a malicious VBScript downloader that proceeds to encrypt files, adding the extension ‘.[].scarab’ to affected files once installed.

“We have currently quarantined thousands of samples via nuMAIL with the first arriving on November 23rd,” said Shawn Pope, Security Analyst at Nuspire.

A ransom note with the file name ‘IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT' is dropped within each affected directory.

The amount of bitcoin payment required to decrypt is not specified in this particular ransomware, instead it states “the price depends on how fast you write to us.” Fortunately, Scarab is detected by most anti-malware vendors with a current detection rate of 36/60.

As with all spam email campaigns and ransomware, it comes down to user awareness and training to identify these attacks and ultimately have the knowledge to not open or extract any suspicious attachments.

For more information on how to keep your information safe, click here.

Nuspire Insights

Nuspire Infographic

Contact Us


Nuspire Infographic

Contact Us