29 Jun Malware Watch: Spora 2.0
Spora is a sophisticated form of ransomware distributed by organised syndicates, with the notable ability to work offline. It was first detected in January 2017, and a resurgent strain has since appeared.
The Spora ransomware targets all versions of Windows including Windows 10, Windows 8, and Windows 7. Although the first strain was distributed in January, a new strain has been detected which tries to conceal the virus and bypass antivirus software and email filters.
How is Spora distributed?
Spora is distributed in several ways, usually through spam emails with malicious attachments or through phishing emails that direct you to infected websites dropping malicious payloads. The emails are usually branded under the guise of a major company; shipment notifications and invoices are common lures for scammers because users frequently open them, leading to infection.
The new strain approaches detection differently: it convinces filters and antivirus software that the attachment contains a PDF file. Scanners typically ignore file extensions and instead examine the bytes contained in the file.
The new Spora strain’s initial bytes make it appear to be a PDF to email filters and virus scanners; however, it is still opened as an HTA file. This is dangerous because, when opened in Windows, the malicious attachment opens a webpage that isn’t subject to the same security restrictions.
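A mail filter can close this gap by comparing what the leading bytes claim with how Windows will open the file, and by scanning past the header for HTA markup. The sketch below is an added example, not code from any scanner or from the original post; the extension list, function names and both sample byte strings are assumptions constructed for illustration.

```python
import os
import re

# Assumption: extensions that Windows hands to mshta.exe or a script host.
RISKY_EXTENSIONS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# HTA/HTML/script markup, matched case-insensitively anywhere in the file.
SCRIPT_MARKERS = re.compile(rb"<\s*(hta:application|script|html)\b", re.IGNORECASE)

# Constructed samples: a PDF header followed by HTA markup, and a plain PDF stub.
SAMPLE_DISGUISED = (b"%PDF-1.4\n<html><head><hta:application id=\"x\"/></head>"
                    b"<script>/* constructed placeholder */</script></html>")
SAMPLE_REAL_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"


def sniff_type(data):
    """Guess a type from the leading bytes only, as a byte-based filter would."""
    head = data[:1024]
    if b"%PDF-" in head:
        return "pdf"
    if head[:2] == b"MZ":
        return "pe"
    if SCRIPT_MARKERS.search(head):
        return "html"
    return "unknown"


def check_attachment(filename, data):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    ext = os.path.splitext(filename.lower())[1]
    sniffed = sniff_type(data)
    if ext in RISKY_EXTENSIONS:
        findings.append("risky-extension:" + ext)
        # The header claims one format, but the name decides how Windows opens it.
        if sniffed not in ("html", "unknown"):
            findings.append("header-mismatch:%s-bytes-with-%s-name" % (sniffed, ext))
    # Catch the same content even if the attachment is named .pdf.
    if sniffed == "pdf" and SCRIPT_MARKERS.search(data):
        findings.append("script-markup-after-pdf-header")
    return findings


if __name__ == "__main__":
    print(check_attachment("invoice.hta", SAMPLE_DISGUISED))
    print(check_attachment("report.pdf", SAMPLE_REAL_PDF))
```

The extension check and the content check are independent, so the disguised sample is flagged whether it arrives named `.hta` or renamed to `.pdf`.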
What does Spora do?
Once deployed, the Spora ransomware runs silently and encrypts files with selected extensions. Each file is encrypted with separate keys.
Once your computer has been infected, you are directed to a website with four payment options. To advertise their “trustworthiness” and to prove that they do in fact have the decryption key, the attackers allow you to decrypt two files for free.
The full restore is priced at $120, meaning you will get all your files restored. The immunity package, somewhat curiously, means that they will stop you getting infected again, although we haven’t tested this and it seems unlikely to be true. The removal tool, we suspect, exists because more and more people are backing up and simply want the ransomware removed from their computer.
It is encouraging that removal and immunity are now becoming available as it means that users are now backing up their files.