The Necurs botnet is one of the most notorious malware botnets known to date and is believed to have infected millions of computers before Microsoft led a coordinated campaign to take it down in March 2020.
Microsoft was only able to achieve this monumental task after 8 years of planning, and not before engaging cybersecurity partners in 35 countries.
Disabling the Necurs botnet means that the cybercriminals behind the malware will not be able to use its extensive infrastructure to execute cyberattacks or to distribute other pieces of malware, most prominently the Locky ransomware.
The Necurs botnet is believed to be operated by cybercriminal groups from Russia. Over its long reign of terror, the botnet has been used to orchestrate a wide range of cybercrimes such as pump-and-dump stock scams, “Russian dating” scams and fake pharmaceutical scams. Other attacks by the botnet have facilitated the theft of financial details, credentials, and accounts, as well as crypto-mining and even DDoS (distributed denial of service) attacks.
What Can the Necurs Botnet Do?
To understand what the Necurs botnet is capable of, you first have to know what a botnet is. A botnet is a network of computers that is able to engage in coordinated action. When such a network is in the hands of cybercriminals, it can be used to launch cyberattacks, cripple networks, steal sensitive data, or install other pieces of malware, including ransomware and other botnets.
In the spam email threat ecosystem, the Necurs botnet stands out as one of the largest networks with victims in nearly every country on the planet. Microsoft notes that a single Necurs-infected computer is able to send a total of 3.8 million spam emails to over 40.6 million potential victims.
The criminals behind the botnet then sell access to the infected computers in a bot-for-hire scheme that lets other operators pursue their own nefarious ends, which may include such things as corporate espionage.
With such capability, the Necurs botnet remains a threat to every computer on the planet, and it is high time that Microsoft took steps to end its long reign of malicious activities.
How to Remove the Necurs Botnet
Thanks to the efforts of Microsoft and other groups, it is now very easy to remove the Necurs botnet from your computer. This is supported by the fact that its binary signatures are now known to cybersecurity experts worldwide. Thus, all you need to remove the Necurs botnet is a powerful anti-malware tool such as Outbyte Anti-Malware.
For the anti-malware tool to be 100% effective in removing the malware and its dependencies, you need to run your computer in Safe Mode with Networking. The following are the steps to take:
- Click the Start button or press the Windows key on the keyboard.
- Click Power while holding the Shift key, and click Restart.
- On the Choose an Option menu that follows, select Troubleshoot > Advanced Options > Startup Settings > Restart.
- Once your computer restarts, press the F5 key to get to Safe Mode with Networking.
Safe Mode is a basic state that only runs Windows apps and settings, which makes it ideal for troubleshooting issues with apps and settings.
After you are done scanning your computer with an anti-malware tool, you still need to have it cleaned with a PC repair tool. The repair tool will help delete junk files, clear browser history, optimize performance, and repair broken or corrupt registry entries. If you are using a Mac, the equivalent of a PC repair tool is a Mac repair app, so you might want to download that instead.
Windows Recovery Options
The best time to use a Windows or a Mac recovery option is right after you have removed a malware entity such as the Necurs botnet from your device. Recovery Options lets you refresh your computer or undo changes to system files, settings, and apps that prove to be problematic.
On Windows, your first choice of recovery option should be System Restore. The System Restore option lets you undo any changes to Windows apps and settings past a restore point, which acts like a “snapshot” of your operating system or Windows configuration at a point in time.
So, if you have a restore point on your computer, now is the time to use it as a way of returning your computer to a past performance level. Here is how to get to System Restore on a Windows 10/11 device:
- In the search box, type “create a restore point”.
- Select the first result of this search to get to the System Properties app.
- On the System Properties app, go to the System Properties tab and select System Restore.
- Choose a restore point and continue.
- Click Scan for affected programs to see the programs that will no longer be available once the restore process is complete.
- Follow the on-screen directions to complete the process.
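The same restore-point selection can be done from an elevated Windows PowerShell 5.1 session. This is an added example, not part of the original article; the suspected infection date is a constructed value, and choosing the newest restore point created before that date is an assumption about which snapshot is worth returning to.

```powershell
# Added example: pick a System Restore point created before a suspected infection.
# Needs Windows PowerShell 5.1, elevated; these cmdlets are not in PowerShell 7.
#requires -RunAsAdministrator

# Assumption: date the infection is believed to have started (constructed value).
$SuspectedInfection = Get-Date '2020-03-01'

# List restore points. CreationTime is a WMI (DMTF) timestamp string, so convert it.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
}

if (-not $points) {
    Write-Warning 'No restore points exist; System Restore cannot be used on this machine.'
    return
}

$points | Sort-Object Created | Format-Table -AutoSize

# Newest restore point that was created before the suspected infection date.
$candidate = $points |
    Where-Object { $_.Created -lt $SuspectedInfection } |
    Sort-Object Created -Descending |
    Select-Object -First 1

if (-not $candidate) {
    # Every snapshot was taken on or after the suspected date, so none of them
    # is known to predate the infection.
    Write-Warning 'No restore point predates the suspected infection date.'
    return
}

"Selected restore point #$($candidate.SequenceNumber): " +
    "$($candidate.Description) ($($candidate.Created))"

# -WhatIf only previews the action. Remove it to run the restore, which reboots.
Restore-Computer -RestorePoint $candidate.SequenceNumber -WhatIf
```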
The other Windows recovery option that you might consider using is the Refresh option. The Refresh option lets you install Windows with the option of keeping your personal files and settings.
In most cases, when you want to refresh your Windows device, the process will finish on its own. But sometimes, you might be prompted to insert recovery media, typically a DVD or a thumb drive, so have these in hand before choosing to take this step.
Here is how to refresh your Windows 10/11 device:
- Press the Windows key on the keyboard and go to Settings.
- Under Update & Security, select Recovery.
- Under the option to Refresh your PC without affecting your files, click Get Started.
- To complete the process, follow the on-screen directions.
After you are done with all the above, you now need to take the crucial step of updating your Windows device. Microsoft was able to slay the Necurs botnet because it issued a series of security updates that sealed the loopholes used by the botnet to infect computers. Without installing these updates, you still run the risk of secondary infections.
Windows Update can be found by going to Settings > Update & Security > Windows Update.
Preventing the Necurs Botnet Ransomware Installer from Infecting my Computer
The Necurs botnet mainly spreads through malicious email attachments, so if you avoid clicking emails from unknown sources, you will reduce the risk of infection considerably. The malware also spreads via malicious sites, mal-adverts, and fake downloads. Watch out for these, too.