Malware News New massive spam wave spreads Locky – is Necurs botnet back?

Jrs30

Thread author
A million emails per day. That’s how much spam Bitdefender has seen starting the 21st June, in a massive campaign spreading the infamous Locky ransomware.

“After weeks of silence, we’ve seen a sudden spike in ransomware-infected emails,” Adrian Miron, Antispam researcher, says. “We believe this may be linked with the re-emergence of Necurs”.

The Necurs botnet, one of the largest and most resilient criminal botnets out there, has reportedly made a comeback with an enhanced version of Locky ransomware, among other threats.

Necurs is a peer-to-peer hybrid botnet totaling about 1,700,000 infected computers. Until June 1st, it was one of the most active botnets, with millions of bots serving large volumes of spam emails. But around May 31st, the Necurs C&C servers went offline and traffic dropped significantly.


“We’ve seen a huge decrease in malicious traffic since”, Motherboard wrote at the time. “Locky has completely disappeared.” Coincidentally, or not, at the same time, Russia’s FSB security service said it had arrested a gang of around 50 hackers who had stolen over 1.7 billion roubles ($25.33 million) from Russian institutions and banks via the Lurk Trojan.

The bulk of emails identified by Bitdefender targets employees from various worldwide companies including construction companies, photo library sites and grocery stores. The messages pose as reports sent by the CEO and contain an attached .zip file which downloads a stealthier iteration of Locky. The payload is delivered via JavaScript attachments.


 
