The Spora ransomware was recently upgraded, and it appears that, in addition to encrypting the victim's data, it has gained the ability to steal passwords and digital currency from Bitcoin wallets.
By stealing their victims' credentials, the criminals secure a double profit: they make money from the ransom and also by selling the stolen information to other criminals on underground forums.
All this is accomplished with the help of the complex encryption process for which Spora is known. The encryption combines an AES key and an RSA public key to lock files on the victim's computer.
In addition, the ransomware uses the Windows Crypto API to encrypt temporary data, as well as Windows Management Instrumentation to delete all encrypted files.
Spora was a very powerful ransomware from the beginning, and it now has the ability to steal data as well. The new variant was identified by security researchers at Deep Instinct.
This version of the Spora ransomware, which was distributed during a 48-hour campaign launched on August 20, is spread by a phishing campaign that sends targets a Word document claiming to be an invoice.
To view the contents of the file, the user is required to activate a Windows Script File, which allows the document to drop its malicious payload. According to the researchers, this is the first time that Spora has been embedded in a document.
Once executed, the malicious payload starts encrypting the computer's files while changing the file extension names. Along with the encryption, it searches for and deletes any backups that exist on the computer, before presenting the victim with the note demanding the ransom.
The researchers report that the latest version of the Spora ransomware also collects users' browsing history, web credentials, and cookies, and has the ability to record keystrokes.
Spora ransomware: Protection
While the cryptography that Spora uses is particularly strong, the phishing messages are somewhat obvious. A user trained to spot fake e-mails will be able to avoid an infection.
“Since Spora's attacking agent is based on user interaction, user awareness can play an important role in stopping the threat. The main rule is to pay close attention to messages and attachments, and avoid running or opening any content from an untrusted source,” said Deep Instinct researcher Guy Propper.