29 Jun Malware Watch: Spora 2.0
Spora is a sophisticated form of ransomware distributed by organised syndicates, with the very special ability to work offline. It was first detected in January 2017, and a resurgent strain has since appeared.
The Spora ransomware targets all versions of Windows including Windows 10, Windows 8, and Windows 7. Although the first strain was distributed in January, a new strain has been detected which tries to conceal the virus and bypass antivirus software and email filters.
How is Spora distributed?
Spora is distributed in several ways: usually through spam emails with malicious attachments, or through phishing emails that direct you to infected websites which drop malicious payloads. The emails are usually branded under the guise of a major company. Shipment notifications and invoices are common lures because users frequently open them, leading to infection.
The new strain approaches detection differently, convincing filters and antivirus software that the attachment contains a PDF file. Scanners typically ignore file extensions and instead examine the bytes contained in the file.
The new Spora strain’s initial bytes make it appear to be a PDF to email filters and virus scanners; however, it is still opened as an HTA file. This is dangerous because, when opened in Windows, the malicious attachment opens a webpage that isn’t subjected to the same security restrictions.
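The mismatch described above (PDF-looking leading bytes, HTA extension) can be checked at the mail gateway by comparing both signals instead of trusting either one. The following is an added example, not code from the original post; the extension list, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Assumed, illustrative list of extensions that Windows passes to a script or
# application host instead of a document viewer.
RUN_BY_WINDOWS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".scr", ".exe"}

# Small subset of the leading-byte signatures a content scanner relies on.
SIGNATURES = [(b"%PDF-", ".pdf"), (b"PK\x03\x04", ".zip"), (b"MZ", ".exe")]

# Markup that an HTA is built from; flagged when it follows a PDF header.
SCRIPT_MARKERS = (b"<script", b"<hta:application")


def sniffed_type(data):
    """Extension implied by the first bytes, or None if unrecognised."""
    for magic, ext in SIGNATURES:
        if data.startswith(magic):
            return ext
    return None


def effective_extension(filename):
    """Extension Windows acts on: the last one, ignoring trailing dots/spaces."""
    return os.path.splitext(filename.rstrip(". "))[1].lower()


def assess(filename, data):
    """Return (verdict, reasons) for one attachment."""
    ext = effective_extension(filename)
    sniffed = sniffed_type(data)
    low = data.lower()
    reasons = []
    if ext in RUN_BY_WINDOWS:
        reasons.append("extension %s is executed, not viewed" % ext)
        if sniffed and sniffed != ext:
            reasons.append("content is disguised as %s" % sniffed)
    if sniffed == ".pdf" and any(marker in low for marker in SCRIPT_MARKERS):
        reasons.append("PDF header followed by script markup")
    return ("block" if reasons else "allow", reasons)


# Constructed samples: inert bytes that only mimic the layout described above.
DISGUISED = b"%PDF-1.4\n<html><hta:application/><script>/* inert */</script></html>"
PLAIN_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"

if __name__ == "__main__":
    for name, blob in [("invoice.pdf.hta", DISGUISED), ("report.pdf", PLAIN_PDF)]:
        print(name, assess(name, blob))
```

The extension check alone is enough to block the attachment; the other two reasons record that the file was built to pass a bytes-only scanner, which is useful context for triage.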
What does Spora do?
Once deployed, the Spora ransomware runs silently and encrypts files with selected extensions. Each file is encrypted with separate keys.
Once your computer has been infected, you are directed to a website with four payment options. To advertise their “trustworthiness” and to prove they do in fact have the decryption key, the attackers will allow you to decrypt two files for free.
Of the options, the full restore is priced at $120, meaning you will get all your files restored. The immunity package, somewhat curiously, means that they will stop you getting infected again, although we haven’t tested this and it seems unlikely to be true. The removal tool, we suspect, exists because more and more people are backing up and simply want the ransomware removed from their computer.
It is encouraging that removal and immunity are now becoming available as it means that users are now backing up their files.