Meet Spora, a ransomware that infects users in good faith – Literally

January 14th, 2017 | Uzair Amir | Security, Malware

Security researchers have discovered a new ransomware campaign that not only returns the encrypted files once the ransom is paid but also offers the victim immunity from future ransomware attacks. It is distributed through spam emails that pose as invoices and carry a ZIP file containing an HTML Application (HTA) file. The file pretends to be a .DOC or .PDF file, so the victim takes it for an ordinary document and opens it. Once opened, the file extracts a JScript file into the %TEMP% folder, inserts an encoded script into it and runs the file.
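A mail-gateway style check for the delivery chain described above, as an added example that is not part of the original article: it lists the members of a ZIP attachment and flags script or HTA files, marking those that hide behind a document extension. The extension sets, function names and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows hands to a script or HTML-application host (assumed blocklist).
ACTIVE_EXTS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Document types the lure pretends to be, per the article, plus common siblings.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx"}


def classify_entry(name):
    """Return 'disguised', 'active' or None for one archive member name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    cleaned = name.replace("\\", "/").rstrip(". ")
    base = cleaned.rsplit("/", 1)[-1]
    # Strip padding inside each suffix: "scan.DOC .HTA" -> [".doc", ".hta"].
    suffixes = ["." + part.strip().lower() for part in base.split(".")[1:]]
    if not suffixes or suffixes[-1] not in ACTIVE_EXTS:
        return None
    if any(s in DECOY_EXTS for s in suffixes[:-1]):
        return "disguised"
    return "active"


def scan_zip(data):
    """Map each flagged member name to its verdict; unreadable archives are flagged too."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return {"<archive>": "unreadable"}
    return {n: v for n in names if (v := classify_entry(n))}


def build_sample():
    """Constructed, harmless sample archive: every member holds placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_0142.pdf.hta", "placeholder")
        zf.writestr("notes/readme.txt", "placeholder")
        zf.writestr("scan.DOC .HTA", "placeholder")
        zf.writestr("helper.js", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample()).items():
        print(f"{verdict:10} {member}")
```
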

This new ransomware has been named Spora, and researchers noted that it is quite sophisticated malware with well-implemented encryption features, a very organized payment portal and numerous options for ransom payment. Ransomware usually offers just one package for ransom payment, but Spora offers several: the victim can choose only to recover the encrypted data, or opt to recover the data and gain immunity from future ransomware attacks.

According to Emsisoft’s research team, it performs encryption using the Windows CryptoAPI, and the encryption process combines RSA and AES keys. The public RSA key is embedded within the executable file and its purpose is to create a fresh pair of 1024-bit RSA keys, one private and one public. To encrypt it, another 256-bit AES key is generated, which aids encryption using the public RSA key along with information stored in a .KEY file.

Ransom note comes in the Russian language

As is apparent, the encryption process is quite complex, and that is why researchers claim that Spora is a powerful ransomware. It is also worth noting that Spora carries out encryption without relying upon instructions from a command and control (C&C) server. Its encryption process is so strong that a decryption tool developed for one victim won’t help another victim of the same ransomware. That is why, at the moment, security researchers are unable to offer victims a particular remedy for restoring files without paying the ransom, since no single mechanism can work for all.

The pricing procedure of Spora is also quite distinct. The ransomware determines how much the victim needs to pay, and the .KEY file stores critical information about the victim and the machine, such as the date of infection, username and location of the system. This file also includes a campaign ID in the form of a hard-coded identifier. This indicates that Spora is being sold as ransomware-as-a-service.

By storing the data in the .KEY file as six numeric values, the malware manages to assess the ransom amount; these values are also added to the user ID that the victim sends to the attackers to access the payment portal.

There are in total five 5-character blocks separated by hyphens, and if the last block has fewer than five characters, it is “padded with Y-characters,” explain the researchers. Through this tactic, it becomes possible to track the number of files that Spora has encrypted.

Never download files from an unknown email and never click on an unknown link.

“We are currently working together with help platforms like ID Ransomware and No More Ransom in an attempt to gather statistics based on the identifiers contained in uploaded ransom notes,” added Emsisoft’s research team.
