What is Spora Ransomware?

James Lloyd, works at The SSL Store™

Answered 91w ago · Author has 457 answers and 313.5k answer views

Spora (the Russian word for “spore”) is a recently discovered, highly sophisticated ransomware which has taken the attack to a whole new level. Generally, when ransomware attacks happen, they offer a feature like try before you buy (allowing you to decrypt one to two files for free, so you can trust them) on the pages where they want their ransom payment to be received.

Regarding features, Spora Ransomware has gone a step ahead. They added three new levels to this feature of allowing you to decrypt files before you pay them.

[Image: What is Spora Ransomware?]

As you can see in the above image, they offer you these options.

  • Decrypt two files for free.
  • For $30 Decrypt selected files.
  • To remove Ransomware $20.
  • $50 for immunity from future attacks.
  • $120 to get the full restore.

Spora strictly comes through an email. It’s delivered in a multi-stage attack which goes like:

ZIP file: Zip files are considered low-risk even if they come through an email, as it's less risky just to look through files inside a folder rather than opening individual files residing in the folder.

The Zip file comes with a file named HTA (abbreviation of HTML Application); though it might sound strange, by Windows it's considered a web page. The contained HTA file has a VBScript program which creates and runs a JavaScript file named close.js. Lastly, this close.js file creates and runs a randomly named program which has the Spora ransomware.

Once the Spora is executed, all your files will get scrambled up with the below extensions:

[Image: What is Spora Ransomware?]

The worst part is, this ransomware Spora works totally offline & it also deletes the shadow copies of your Windows (if you have saved any online backups), so you are not even able to recover your files. In addition, Spora breaks the Start menu shortcuts, in order to make it harder to open Control Panel, to run command prompt or to reboot into recovery mode.

For making payment, this ransomware makes two files on the desktop: one HTML file which shows how to make payment & another main file which has the encrypted copy of the private key which is needed to unlock your computer.

Akhil, Mtech Cybercrime, Indian School of Ethical Hacking (2017)

Answered 91w ago · Author has 80 answers and 674.9k answer views

What is Spora?

Spora is a ransomware-type virus distributed via spam emails (malicious attachments). Each rogue email contains an HTA file which, once executed, extracts a JavaScript file ("closed.js"), placing it in the system "%Temp%" folder. The JavaScript file extracts an executable with a random name and runs it. The executable then starts to encrypt files using RSA cryptography. Note that, unlike other ransomware-type viruses, Spora does not rename encrypted files. The aforementioned HTA file also extracts a DOCX file. This file is corrupted and, thus, an error will be displayed once opened. This is being performed to trick victims into believing that the download of email attachments has failed. Following successful encryption, Spora generates .html and .KEY files (both named using random characters), placing them in all folders that contain encrypted files.


One of the main advantages of Spora to the developers is the ability to work offline (without an Internet connection). As mentioned above, the files are encrypted using RSA (an asymmetric encryption algorithm) and, thus, public (encryption) and private (decryption) keys are generated during the encryption process. Decryption without the private key is impossible. In addition, the private key is also encrypted using AES cryptography, making the situation even worse. As well as encrypting files, Spora disables Windows Startup Repair, deletes shadow volume copies, and changes BootStatusPolicy.

The HTML file contains a ransom-demand message in Russian, which details the encryption and encourages victims to follow instructions provided on Spora's website. To restore files, victims must supposedly pay a ransom. The size of ransom depends on each individual situation and the victim's requirements. Full decryption (including immunity, removal and file restore) is approximately equivalent to between $79 and $280; however, victims may choose only to restore files, remove them, or to receive immunity. In these cases, the price is reduced. Victims are also permitted to decrypt two files free of charge. The ransom must be paid in Bitcoins and victims have a limited amount of time (a deadline is given on Spora's website) to make payment, otherwise the decryption keys are permanently deleted.

Spora's website is advanced as compared to other viruses of the same type. It provides each victim with an account containing a Bitcoin wallet. It also has features for decryption, transactions, contacting developers, etc. At the time of writing, there are no tools capable of restoring files encrypted by Spora ransomware. Therefore, the only solution is to restore your files/system from a backup.
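A detection sketch for the execution chain this answer describes, added here as an example and not part of the original answer: it walks process-creation events and flags an HTA launch, a script run from %Temp%, an executable started from %Temp%, and shadow-copy or boot-policy tampering by descendants of that launch. The event fields, the process names (mshta.exe, wscript.exe, cscript.exe, vssadmin, wmic, bcdedit) and all sample values are assumptions constructed for illustration, not details given on this page.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style; all values invented).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Users\u\AppData\Local\Temp\Temp1_inv.zip\Invoice.doc.hta"'},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\u\AppData\Local\Temp\close.js"'},
    {"pid": 230, "ppid": 220, "image": r"C:\Users\u\AppData\Local\Temp\a1b2c3.exe",
     "cmd": r"C:\Users\u\AppData\Local\Temp\a1b2c3.exe"},
    {"pid": 240, "ppid": 230, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin.exe delete shadows /all"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe"},
]

TEMP = re.compile(r"\\appdata\\local\\temp\\", re.I)
# Assumed tooling for "deletes shadow copies" and "changes BootStatusPolicy".
RECOVERY = re.compile(r"(vssadmin|wmic).*shadow.*delete|(vssadmin|wmic).*delete.*shadow"
                      r"|bcdedit.*(bootstatuspolicy|recoveryenabled)", re.I)


def name(ev):
    """Lower-cased file name of the process image."""
    return ev["image"].rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (pid, rule) alerts; rules fire only on descendants of an HTA launch."""
    by_pid = {e["pid"]: e for e in events}
    tainted, alerts = set(), []
    for ev in events:  # events are assumed to arrive in creation order
        parent = by_pid.get(ev["ppid"])
        if name(ev) == "mshta.exe" and ".hta" in ev["cmd"].lower():
            tainted.add(ev["pid"])
            alerts.append((ev["pid"], "hta-opened"))
        elif parent and parent["pid"] in tainted:
            tainted.add(ev["pid"])  # keep following the process tree
            if name(ev) in ("wscript.exe", "cscript.exe") and TEMP.search(ev["cmd"]):
                alerts.append((ev["pid"], "script-from-temp"))
            elif TEMP.search(ev["image"]):
                alerts.append((ev["pid"], "exe-from-temp"))
            elif RECOVERY.search(ev["cmd"]):
                alerts.append((ev["pid"], "recovery-tamper"))
    return alerts
```

Because every rule is tied to ancestry from the HTA launch, ordinary administrative use of the same tools outside that process tree does not alert.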

Berta Bilbao, Malware researcher at SensorsTechForum

Answered 91w ago

Spora ransomware is a virus that encrypts your files and is a very sophisticated one.

It encrypts only a small number of file extensions, but they are for the most widely used file types - documents, photos, archives and a few others. It used to be targeting mainly Russia, but now could very well be targeting the whole world as it is seen by researchers to be spreading with the RIG-V Exploit Kit that was used to spread the Cerber ransomware for months.

If you want to know more details about its encryption or other things related to how it works and how it can be prevented, head over to SensorsTechForum’s article about Spora Ransomware.


Other than that, malware researchers say it's crafted by people with experience and with lots of effort, and for now no flaws in its code are to be found.

Charles Steve

Answered 67w ago · Author has 193 answers and 33.2k answer views

Nowadays, ransomware has become the most popular type of malware. Spora is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a huge spam campaign. It has a very special feature to work offline.

The spam campaign carries a .zip file, which contains an HTA (HTML Application) file to evade detection from some email scanners and maximize its outreach. The contents of the email are carefully crafted to lure victims using social engineering techniques. This HTA file also tricks users by using the double extensions rtf.hta and doc.hta. If file extensions are hidden on victim’s machines, then they will see only the first extension and might be fooled into opening the file.

For getting more information about Ransomware, Ransomware Evolution, etc., Infographics Archives | Opsfolio is a perfect reference, which I would like to suggest to you.
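A mail-gateway style check for the delivery trick described in this answer (a ZIP carrying an HTA behind a double extension such as doc.hta or rtf.hta), added here as an example and not part of the original answer. The extension lists beyond .hta, .rtf and .doc, the function names, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows hands to a script or application host on double-click.
# .hta is the one named in the answer; the rest is an assumed, non-exhaustive list.
SCRIPT_EXTS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Document-looking extensions used as the visible decoy (assumed list).
DECOY_EXTS = {".rtf", ".doc", ".docx", ".pdf", ".xls", ".xlsx"}


def classify_name(member):
    """Return findings for one archive member name."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    base = member.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = base.split(".")
    findings = []
    if len(parts) >= 2 and "." + parts[-1] in SCRIPT_EXTS:
        last = "." + parts[-1]
        findings.append("script-host extension " + last)
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
            findings.append("double extension hides " + last + " behind ." + parts[-2])
    return findings


def scan_zip(data):
    """Scan ZIP bytes; return {member_name: [findings]} for suspicious members."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            hits = classify_name(info.filename)
            if hits:
                report[info.filename] = hits
    return report


def build_sample_zip():
    """Constructed sample attachment with inert contents; only the names matter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2017.doc.hta", "inert placeholder")
        zf.writestr("notes/readme.txt", "inert placeholder")
        zf.writestr("report.final.docx", "inert placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, hits in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(hits))
```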

Nikhil Garakapati, works at Studying

Answered 91w ago · Author has 65 answers and 111.4k answer views

Hey!

Security researchers have spotted the next evolution of ransomware. It’s called Spora, and it’s been designed to be as easy-to-use as the online stores you frequent. Maybe even easier.

[Image: What is Spora Ransomware?]

Image: Emsisoft

At its core, Spora is no different than the innumerable different strains of ransomware that have plagued consumers and institutions for years. Once a system has been infected it looks for certain types of files, encrypts them, and then demands payment for their safe return.

There are several things that set Spora apart, however. For starters, it can still function if your computer is offline. Even if you quickly realize that you’ve fallen victim to a phishing attack and disconnect from the Internet, your files can still be encrypted.

Spora is also intelligent enough to leave files in certain important folders untouched. Why? Because its creators know that if a computer is unable to boot normally, their chances of extracting payment from a victim decrease dramatically.

Thank you!

Rza Aliev

Updated 77w ago · Author has 98 answers and 88.6k answer views

Spora is ransomware that sneaks into your system, then it encrypts various personal data. Learn how to remove Spora in this instruction.

After finishing encrypting with the RSA cryptography algorithm, this ransomware encrypts your files, but it does not add a file extension or modify your file names, as distinct from all the other ransomware.


Once data on your computer is encrypted, Spora ransomware creates ransom notes [random_characters].html and [random_characters].KEY in each folder with the encrypted data. You can find demands and instructions on how to pay the ransom for decryption in these files. Spora Ransomware is a serious danger to your PC!

That’s why you should get rid of Spora ransomware as soon as possible. I personally recommend you to use this antivirus as it has Spora virus in its big database, which means it is able to detect and remove the threat.

Yash Trivedi, Cehv9, Pursuing software engineering

Answered 91w ago · Author has 153 answers and 150.2k answer views

Hi,

Security researchers have discovered a new ransomware campaign that not only gives back the encrypted files after payment of ransom but also offers immunity from future ransomware attacks to the victim. It is being distributed through spam emails that appear as invoices and contain a ZIP file in which an HTML Application or HTA file is stored. The file pretends to be a .DOC or .PDF file. Therefore, the victim believes it to be a simple document and opens it. Once opened, the file extracts a JScript in the %TEMP% folder, after which it inserts an encoded script into it and runs the file.

According to Emsisoft’s research team, it leverages encryption using the Windows CryptoAPI and the process of encryption is a combination of RSA and AES keys. The public RSA key is embedded within the executable file and its purpose is to create a fresh pair of 1024 bit RSA keys, one of which is private while the other is a public key. To encrypt it, another 256 bit AES key is generated, which aids encryption using the public RSA key along with information stored in a .KEY file.

You can read more at https://googleweblight.com/?lite...
