In a similar fashion to the Jaff ransomware, Forcepoint Security Labs have observed another piece of ransomware called “Scarab” being pushed by the infamous Necurs botnet. The massive email campaign started at approximately 07:30 UTC and is active as of 13:30 today, totalling over 12.5 million emails captured so far.
The graph below shows the per-hour volume of Scarab/Necurs emails blocked by Forcepoint between 07:00 and 12:00 UTC:
Figure 1: Scarab/Necurs emails intercepted per hour
Based on our telemetry, the majority of the traffic is being sent to the .com top level domain (TLD). However...Read more