Beware! 12.5 million emails hiding a ransomware have been let loose by Necurs botnet

  • 69
Necurs Botnet

If you weren’t careful with your incoming emails, then it’s time you should. Attackers have released 12.5 million emails hiding a ransomware called the Scarab malware. And Necurs botnet, the world’s largest email spam botnet, is being used in this attack.

First, what is a botnet?
A group of computers called zombies (these could also be smartphones, servers, and Internet of Things) controlled by cybercriminals to spread malware and launch other malicious attacks on their targets is called a botnet.

The Necurs botnet is known to be the largest botnet to control up to 6 million zombies and responsible for delivering some of the worst Trojans and ransomware via millions of emails at a time.

What’s happening now?

  1. The Necurs botnet has pushed 12.5 million emails affecting users mainly in the US, UK, Australia, France, and Germany. These emails contain a ZIP attachment of fake scanned documents.
  2. These fake documents are infected with the Scarab ransomware. Once an attached zip is downloaded and opened, the malware takes over the infected computer and displays a ransom note. The note warns the user that their files have been encrypted and in order to get them back they would have to contact the attacker via email. And depending on how soon the user writes to them, the price for decrypting the files will be decided.
  3. The malicious emails sent by the Necurs botnet have subject lines that contain the names of some famous companies that manufacture printers. This is mainly to trick the user into opening the email and downloading the malicious attachments.

Attackers can make your computer a part of their botnet by infecting it with something called a ‘bot code’. They can drop this code onto your computer by sending you emails containing malicious links or attachments, fake social media posts, or exploiting existing security vulnerabilities on your system.

Should you be worried?

Yes, you should be. 12.5 million emails is a large volume and it won’t be unwise to think that one of these reaches your inbox. So, here’s what you should do:

  1. Do not click on unexpected emails that ask you to click on a link or download an attachment (especially ZIP files).
  2. Even if such emails look like they have been sent by a friend or a known source, verify its content first with the sender over a call or by meeting them in person.
  3. Malicious emails often carry a sense of urgency like informing you that your bank account is going to be suspended or you have an urgent letter from your boss. Never fall for this trick.
  4. Often, fake and malicious emails have spelling and grammatical errors. So, look for these signs also.
  5. Protect your computer with an antivirus that offers layers of protection such as defense against infected and phishing websites, malicious emails, and ransomware.

Quick Heal detects and blocks Scarab ransomware.


In most cases, users stay unaware even if their computer has a botnet infection and is part of a botnet. So, it is important that you periodically run a check for such infections on your computer. The Quick Heal Botnet Removal Tool helps you do this. This tool was developed in collaboration with “Cyber Swachhta Kendra” under the Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics & IT, India. You can use this tool by visiting the link given below:










Rajiv Singha

Rajiv Singha

No Comments, Be The First!

Your email address will not be published.