INFRA
The creators of a recently discovered form of ransomware have devised a way to extort the owners of the files they hijack that is borrowed from the world of apps: a freemium model.
Called Spora after the Russian word for spore, the ransomware offers five levels of decryption to those unfortunate enough to be infected. An initial tier allows a victim to decrypt two files for free, escalating to a full restore for $120, with prices in between for options including the ability to restore a single file, remove the ransomware and gain “immunity” from it.
The ransomware is being distributed through a spam email campaign whose attachment is a ZIP file containing an HTA file (an HTML application) with an enticing name, according to Naked Security. Once opened, the HTA file extracts a JScript file into the %TEMP% folder, which in turn extracts an executable into the same folder and runs it. Upon installation, Spora encrypts files using the Windows CryptoAPI in combination with RSA and AES keys, and delivers an HTML-based ransom note and a .KEY file.
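The delivery chain above (ZIP, then HTA, then a JScript file and an executable dropped into %TEMP%) is something a mail gateway or endpoint sensor can check for without ever running the attachment. The script below is an added defensive example, not code from the article or from any of the vendors it cites. It assumes HTA files are launched by Windows' `mshta.exe` host and that JScript files run under `wscript.exe`/`cscript.exe`; the archive contents, member names and log lines are constructed for illustration and are not real Spora artefacts, and the `parent|child|command line` log format is a hypothetical one chosen to keep the example self-contained.

```python
"""Added defensive example (not from the article): triage an attachment that
matches the delivery pattern described above -- a ZIP carrying an HTA that
drops a JScript file into %TEMP%, which then drops and runs an executable.

Two checks:
  1. zip_triage(): read a ZIP archive's member names without extracting or
     executing anything, and flag HTA/script members (double extensions too).
  2. detect_temp_script_chain(): scan process-creation log lines for an HTA
     host spawning a script host from %TEMP%, or a script host launching an
     executable from %TEMP%.
All sample data below is constructed; none of it is a real sample.
"""
import io
import re
import zipfile

# File types Windows will execute as an HTML application or script host script.
SCRIPT_EXTENSIONS = {".hta", ".js", ".jse", ".wsf", ".vbs"}


def zip_triage(zip_bytes: bytes) -> list[dict]:
    """Return findings for archive members that are HTA/script files.

    Only member metadata is read; nothing is extracted or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            lower = name.lower()
            # Use the final extension only: "Invoice.pdf.hta" still ends in .hta.
            ext = lower[lower.rfind("."):] if "." in lower else ""
            if ext in SCRIPT_EXTENSIONS:
                findings.append({
                    "member": name,
                    "reason": f"executable script type {ext}",
                    "double_extension": lower.count(".") > 1,
                })
    return findings


# Hypothetical process-creation log format: parent|child|command line.
LOG_LINE = re.compile(r"^(?P<parent>[^|]+)\|(?P<child>[^|]+)\|(?P<cmdline>.*)$")
# Matches the %TEMP% variable or its usual expansion under AppData.
TEMP_PATH = re.compile(r"(%temp%|\\appdata\\local\\temp\\)", re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def detect_temp_script_chain(log_lines: list[str]) -> list[str]:
    """Flag an HTA host spawning a script host that runs a %TEMP% script, and a
    script host launching an executable located in %TEMP%."""
    alerts = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        parent = m["parent"].lower()
        child = m["child"].lower()
        cmd = m["cmdline"]
        if parent == "mshta.exe" and child in SCRIPT_HOSTS and TEMP_PATH.search(cmd):
            alerts.append(f"HTA -> script host from TEMP: {cmd}")
        elif parent in SCRIPT_HOSTS and child.endswith(".exe") and TEMP_PATH.search(cmd):
            alerts.append(f"script host -> executable from TEMP: {cmd}")
    return alerts


def build_sample_zip() -> bytes:
    """Constructed archive mimicking the lure: an HTA behind an enticing name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.hta", "<html><!-- placeholder body --></html>")
        zf.writestr("readme.txt", "harmless text")
    return buf.getvalue()


# Constructed log lines (parent|child|command line); names are placeholders.
SAMPLE_LOG = [
    "explorer.exe|mshta.exe|mshta.exe C:\\Users\\u\\Downloads\\Invoice.pdf.hta",
    "mshta.exe|wscript.exe|wscript.exe %TEMP%\\stage1.js",
    "wscript.exe|stage2.exe|%TEMP%\\stage2.exe",
    "explorer.exe|notepad.exe|notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for finding in zip_triage(build_sample_zip()):
        print("archive:", finding)
    for alert in detect_temp_script_chain(SAMPLE_LOG):
        print("process:", alert)
```

The archive check deliberately looks at the last extension rather than the first, because the lure relies on the reader seeing "pdf" while Windows acts on "hta"; the process check keys on the parent/child relationship plus the %TEMP% location rather than on any file name, so it still fires when the dropped files are renamed.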
While that sounds like standard form for this sort of infection, Spora differs from other forms of ransomware in that it can encrypt files without contacting a command-and-control server. That is, it can encrypt files even when a machine is offline, while still giving every victim a unique decryption key.
Spora is also highly aggressive in its implementation, limiting options for victims to respond. That includes deleting online backup copies of Windows as well as breaking shortcuts in the start menu to make it difficult to access the control panel and command prompt, limiting the victim’s ability to reboot the PC in recovery mode.
In the event you were to be infected by Spora, the bad news is that at this stage there is no cure other than to wipe a machine and restore it from a backup. Researchers at Emsisoft noted that they have yet to find any holes in Spora’s encryption routines.
“The best protection still remains a reliable and proven backup strategy, especially since the encryption used by Spora is secure and the only way to get the data back is through the help of the ransomware author,” the post notes.