Millions of computers are at risk of infection by a virulent spam attack that threatens to destroy your files, unless you pay a Bitcoin ransom.
The Scarab malware is being distributed by Necurs, the internet’s largest email spam botnet, which has been used in a number of previous online onslaughts.
Within the first six hours of the attack 12.5 million emails had been distributed, with more than two million messages being sent out per hour at its height.
Millions of computers may have been infected by a virulent spam attack that threatens to destroy your files, unless you pay a Bitcoin ransom. The malware is being distributed by Necurs, the Internet’s largest email spam botnet. This image shows an infected email
Security experts from anti-virus software company Forcepoint, based in Austin, Texas, were among the first to raise the alarm.
They found infected files were hidden in fake scanned documents which, according to the subject line of affected emails, were supposedly created using printers from a number of reputable firms.
This includes Lexmark, HP, Canon and Epson, giving the scam messages an appearance of legitimacy at first glance.
Once an attached 7zip is downloaded and opened, the malware takes over your computer and files, threatening to erase them if the ransom isn’t paid.
Top domain countries targeted in the attack are the US, UK and Australia, followed by France and Germany.
Despite its wide distribution, Scarab is detected by most anti-malware software, which means you should receive a warning about the infected files.
Windows users unlucky enough to have been infected may be able to remove the malware by installing running anti-malware software in safe mode, although this is not guaranteed
Writing on the firm’s blog, security researchers Ben Gibney and Roland Dela Paz said: ‘The payload itself, Scarab, is a relatively new ransomware family that was discovered in June.
‘Once installed it proceeds to encrypt files.
‘A ransom note with the filename “If You Want To Get All Your Files Back, Please Read This.Txt” is dropped within each affected directory.
Once an attached 7zip is downloaded and opened, the malware takes over your computer and files, threatening to erase them if the ransom isn’t paid. This image shows the ransom demand that appears after opening the attachment
Top domain countries targeted in the attack are the US, UK and Australia, followed by France and Germany. Despite its wide distribution, Scarab is detected by most anti-malware software, which means you should receive a warning about the infected files
‘Unusually, the note does not specify the amount being demanded, instead simply stating that “the price depends on how fast you write to us”.
‘This note is also automatically opened by the malware after execution.’
A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices that are infected and controlled by a common type of malware.
Users are often unaware of a botnet infecting their system.
Once a botnet’s owner is in control of your computer, they can use your machine in combination with others, over a network called a botnet, to carry out other nefarious tasks.
There are a number of common tasks executed by botnets.
This can include using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
Ransomware is a type of malicious software that criminals use to attack computer systems. Hackers often demand the victim to pay ransom money to access their files or remove harmful programmes
Within the first six hours of the attack 12.5 million emails had been distributed, with more than two million emails being sent out per hour at its height. This graphic shows the number of Scarab emails intercepted per hour by Forcepoint
The can also be used to: email spam out to millions of internet users; generate fake Internet traffic on a third-party website for financial gain; replace banner ads in your web browser specifically targeted at you; enable pop-ups ads designed to get you to pay for the removal of the botnet through a fake anti-spyware package.
The biggest giveaway of a malware email is that they are sent without being asked for, so it is always best practice to never open an unsolicited attachment.
Archive files, like the 7zip format used in the attack, are also another warning sign of potentially dangerous content.
These types of file can be used to try and bypass detection by anti-virus scans.
Manually scanning suspicious emails with anti-virus and anti-malware software may also reveal any hidden infections, although this is not guaranteed – particularly if it has not been updated recently.
There may also be spelling mistakes or other grammatical errors in the subject line, email address or body text that give the game away.
Keeping a data backup either via the cloud or external storage device that is not always connected to your PC can help to protect your data.
WHAT IS RANSOMWARE?
Ransomware is a type of malicious software that criminals use to attack computer systems.
Hackers often demand the victim to pay ransom money to access their files or remove harmful programmes.
The aggressive attacks dupe users into clicking on a fake link – whether it’s in an email or on a fake website, causing an infection to corrupt the computer.
In some instances, adverts for pornographic websites will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don’t pay.
In the case of the Wanna Decryptor or ‘WannaCry’ Virus that hit the NHS last month, this targets Microsoft’s widely used Windows operating system.
The NHS was one of the several global government agencies hit by the WannaCry attack (pictured), which affected computers, phones and emergency bleepers in hospitals and GP surgeries
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
Such malware can be avoided by checking app permissions, avoiding installing questionable apps and being careful about what email attachments you open.