December 28, 2017

47 Million Emails/Day: Necurs Botnet Launches Massive Ransomware Campaign

A cybersecurity firm has revealed that it blocked as many as 47 million emails per day sent by the Necurs botnet during the holiday season.

The operators of the wide-reaching campaign continue to spread the Locky and GlobeImposter ransomware by using a malicious Visual Basic Script (.vbs) or JavaScript (.js) file, packed inside a compressed 7-Zip (7z) archive, to trigger the ransomware payload, researchers from AppRiver revealed.
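A defender-side check for the delivery vector described above, written here as an added example (it is not AppRiver's or the article's code): it parses a constructed MIME message, identifies 7z attachments by their signature bytes rather than their filename, validates the 7z start-header CRC, and flags bare .vbs/.js attachments. The quarantine policy, the sample message and all names in it are assumptions.

```python
import email, zlib
from email import policy
from email.message import EmailMessage

# 7z signature header (first 32 bytes): magic(6) version(2) StartHeaderCRC(4) StartHeader(20)
SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"
# Script droppers the campaign used; treating them as quarantine-worthy is an assumed policy.
SCRIPT_EXTS = (".vbs", ".js")

def is_7z(data: bytes) -> bool:
    """Identify a 7z archive by its magic bytes, not by the attachment's filename."""
    return data[:6] == SEVEN_ZIP_MAGIC

def sevenzip_header_valid(data: bytes) -> bool:
    """Verify the CRC32 (bytes 8..11) that covers the 20-byte start header (bytes 12..31)."""
    if len(data) < 32: return False
    return zlib.crc32(data[12:32]) == int.from_bytes(data[8:12], "little")

def scan_message(raw: bytes) -> list:
    """Return one finding per attachment with the policy reasons that apply to it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if is_7z(data):
            reasons.append("7z archive detected by signature")
            if not name.endswith(".7z"):
                reasons.append("archive hidden behind a non-.7z name")
            if not sevenzip_header_valid(data):
                reasons.append("7z start-header CRC mismatch")
        if name.endswith(SCRIPT_EXTS):
            reasons.append("script attachment (.vbs/.js)")
        findings.append({"filename": name, "quarantine": bool(reasons), "reasons": reasons})
    return findings

def build_sample() -> bytes:
    """Constructed test message: a CRC-consistent empty 7z header plus a bare .vbs attachment."""
    start_header = bytes(20)  # NextHeaderOffset, NextHeaderSize, NextHeaderCRC all zero
    archive = (SEVEN_ZIP_MAGIC + b"\x00\x04"
               + zlib.crc32(start_header).to_bytes(4, "little") + start_header)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.invalid", "you@example.invalid", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(archive, maintype="application", subtype="x-7z-compressed", filename="invoice.7z")
    msg.add_attachment(b"' constructed placeholder, not a script", maintype="application",
                       subtype="octet-stream", filename="notes.vbs")
    return msg.as_bytes()
```

Running `scan_message(build_sample())` quarantines both attachments: the archive by signature and the .vbs by extension.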

Necurs is a for-rent botnet that has, over the years, been used for DDoS attacks, pump-and-dump stock spam, distribution of malware created by professional cybercriminal gangs, and more. The botnet is said to control up to 65 million compromised machines in total, with 1-2 million active at any given time.

Researchers added:

It utilizes a kernel-mode driver to create a backdoor allowing remote access and control of the infected computer. This allows the operators to download malware, hide components from detection, and stop security applications from functioning properly.

On December 19, the firm's filters stopped a total of 45,976,814 malicious emails sent by the botnet. At peak traffic, the filters caught a mammoth 4.6 million emails per hour, all of which carried 7z archives containing malicious Visual Basic scripts.

Come December 20, described as "the heaviest day we've seen this year (so far)," researchers tallied a total of 47,309,380 messages stopped by the filters. "Of those, 32,730,828 were the .vbs file, and 14,578,552 were the javascript file inside the .7z archive. Maximum sustained traffic was 5,704,052 million emails blocked during the 6 a.m. hour," researchers added.

The researchers hypothesized that operators behind the ransomware campaign could have been testing and/or monitoring the rate of infections before realizing that most of their targets were away on vacation.

Image credit: Pixabay.

About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients' engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
