Protection Money for New Ransomware

How many times have you seen a TV show or movie where a couple of tough guys in leather jackets, maybe carrying baseball bats, walk into a diner or mom and pop shop and demand money?  When the owner refuses, they start smashing stuff, and when they’re done they demand protection money to make sure it doesn’t happen again.

That’s the idea behind Spora, a new kind of ransomware.  Not only is it tougher to foil than previous iterations, it doesn’t let you off the hook if you’ve paid up.

Spora is spread by social engineering.  Potential victims receive an email with a zip file claiming to be an invoice.  The zipped file appears to be a DOC or PDF, and when it’s opened it runs a file that writes and executes an encoding script.  From there, it encrypts local and network files in a very sophisticated per-file way.  The malware is smart enough to leave alone the files that allow the computer to run, and then it serves up a professionally-designed ransom note with instructions for the victim.  What makes Spora even more unusual is that it is able to look at statistics about the victim and assign a custom ransom amount.

If you opt to pay the ransom, you are given a choice of different packages.  You can choose to simply regain access to your encrypted files, but other packages offer you immunity from future Spora attacks.  It is not currently known how trustworthy this is.  Given, however, that this ransomware is thought to be sold as a service to hackers, it is possible that the immunity does work, even if the ransomware is sent by a different hacker.

As always, the best thing to do is to not open email attachments, especially zip files, Word docs or PDFs.  If you don’t know the sender, send that message to the junk folder.  If you’re the least bit suspicious of an attachment and it comes from someone you know, contact them to make sure the file is legit before you open it.
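The delivery described above, a zip attachment whose contents pose as a DOC or PDF, can also be screened for at the mail gateway before a user ever sees it. The Python below is an added example, not code from the original post: the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed lists (not from the article): what a lure pretends to be, and what runs on open.
DOC_LIKE = {".doc", ".docx", ".pdf"}
ACTIVE = {".hta", ".js", ".jse", ".vbs", ".wsf", ".exe", ".scr", ".lnk"}

def _exts(name):
    """Return the lower-cased extensions of the last path component, in order."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    return ["." + p.strip() for p in base.split(".")[1:]]

def suspicious_entries(zip_bytes):
    """List zip entries that would execute, noting those disguised as documents."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                exts = _exts(info.filename)
                if exts and exts[-1] in ACTIVE:
                    disguised = any(e in DOC_LIKE for e in exts[:-1])
                    hits.append((info.filename, "disguised" if disguised else "active"))
    except zipfile.BadZipFile:
        hits.append(("<archive>", "unreadable"))  # unreadable archives are flagged, not passed
    return hits

def scan_message(raw):
    """Return {zip attachment name: findings} for a raw RFC 5322 message."""
    report = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            report[name] = suspicious_entries(part.get_payload(decode=True) or b"")
    return report

def build_sample():
    """Constructed message: a zip 'invoice' whose entries hold harmless text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_0001.pdf.hta", "placeholder text, constructed sample")
        zf.writestr("readme.txt", "benign")
    m = EmailMessage()
    m.set_content("See attached invoice.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A non-empty findings list is a reason to quarantine the message for review rather than deliver it.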

Comments

  1. Can you reformat the disc to get rid of the Ransomware? We do back up on Carbonite so files will not be lost.

  2. It depends on the strain. Ransomware malware preys on those without good data backup, disaster recovery and business continuity. In theory, if you are 100% positive you have your data, then you can reformat, reinstall all of your apps, and restore your files from backup.
