The newest large-scale global attack is being delivered at the rate of 2 million emails per hour. This ransomware, delivered via the Necurs Botnet, is attached to an email that has a “.7z” (7-Zip) extension and looks as if it is coming from a copier, scanner, or printer as an attached scan with a subject line, like: “Scanned from HP.” Opening the attachment allows the malware to activate, attempt to download the ransomware package, and possibly begin encrypting your machine. For information on how this two-step ransomware process works, see our free recorded webinar here.

This particular ransomware is just a new variation of an older encrypting malware. Unfortunately, it is disguised enough to be undetectable by most security tools. If it successfully encrypts files on the victim’s machine, it then opens a message telling the victim where to pay the ransom. One oddity is that this variation does not quote a ransom amount, but suggests the amount depends on how quickly you respond to the attackers, through email or Bitmessage.

What can we do:

  • First, don’t open any unexpected emails from your scanner or copier and verify that the machine sending you the email is actually your copier/scanner/printer before you open anything with a “.7z” extension. (BTW you should do this with pretty much any unexpected attachments… Verify. Verify. Verify…)
  • Backup your systems so if you do get attacked, you can go back to a previous known good image.
  • Once the AV companies have released an update to cover the Scarab ransomware, make sure your security tools are updated.
  • DO NOT PAY the Ransom – this maybe impossible if you did not have any backups, but paying the attackers is always a bad idea.
  • There is no known decryption tool available yet. So, if you haven’t backed up recently you may have to just have the machine wiped. Never trust a device that has been compromised. The attackers like to leave tools behind that will allow them to attack you again.

 

Stay Cyber Safe,

The SecuLore Support Team

Other Alerts

  • Cyber Alert: Mitel and Oracle Vulnerabilities

    2025-01-13

  • Cyber Alert: Ivanti Connect Secure Flaw

    2025-01-13

  • Cyber Alert: Zyxel Firewall Vulnerability

    2024-12-05

  • Cyber Alert: Array Networks Critical Vulnerability

    2024-12-02

  • Cyber Alert: Palo Alto Expedition Migration Vulnerability

    2024-11-12

Cybersecurity for Critical Infrastructure

SecuLore provides Managed Detection and Response (MDR) to protect our nation’s critical infrastructure from cyber threats. Our expertise is built on deep knowledge of 9-1-1 technology, cyberwarfare, and ethical hacking, ensuring the highest level of cybersecurity for public safety agencies.

  • 24/7 Vulnerability & Threat Monitoring

  • Automated & AI Threat Detection

  • Specialized Threat Intelligence

  • Proactive Threat Hunting

  • Incident Response & Remediation

  • Forensics & Root Cause Analysis