Spora ransomware: the new generation encrypts and intercepts

Spora ransomware has recently been upgraded and it appears that in addition to encrypting victim data, it also has the ability to steal passwords and digital coins from Bitcoin wallets.

By stealing their victims' credentials, criminals secure double profits: they earn money from the ransom and sell the stolen information to other criminals in underground forums.

All this is accomplished with the help of the complex encryption process for which Spora is known. The encryption combines an AES key and an RSA public key to lock files on the victim's computer.

In addition, the ransomware uses Windows Crypto API to encrypt temporary data as well as Windows Management Instrumentation to delete backups of all encrypted .

Spora was a very powerful ransomware from the beginning, and now it also has the ability to steal data. The new variant was identified by security researchers at Deep Instinct.

This version of Spora ransomware, which was distributed during a 48-hour campaign launched on August 20, spreads through phishing emails that send targets a Word document that claims to be an invoice.

To view the contents of the file, the user is required to activate a Windows Script File, which allows the document to drop its malicious payload. This is the first time that Spora has been embedded in a document, according to the researchers.

Once executed, the malicious payload starts encrypting the computer's files while changing the file extension names. Along with encryption, it searches and deletes every that exist on the computer, before presenting the victim with the ransom note.

Researchers report that the latest version of Spora ransomware also collects the browsing history, web credentials, and cookies of users, and has the ability to record and keystrokes.

Spora ransomware: Protection

While the cryptography used by Spora is particularly strong, the phishing emails are somewhat obvious. A user trained to detect them will be able to avoid some infections.

“Since Spora's attack vector relies on user interaction, user awareness can play an important role in stopping the threat. The basic rule is to pay special attention to messages and attachments, and to avoid running or opening any content from an untrusted source,” said Guy Propper, a researcher at Deep Instinct.
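
As an added example (not from the original article or from Deep Instinct), the chain described above, a Word document launching a Windows Script File followed by backup deletion through WMI, can be checked for in process-creation logs. The event fields, the sample events, and the assumption that the backup deletion shows up as a `wmic shadowcopy delete` command line are constructed for illustration.

```python
import re

# Constructed sample process-creation events (fields as in Sysmon Event ID 1);
# not taken from the article or from any real incident.
SAMPLE_EVENTS = [
    {"host": "pc-01", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\a\AppData\Local\Temp\invoice.wsf"'},
    {"host": "pc-01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe shadowcopy delete /nointeractive"},
    {"host": "pc-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": r'WINWORD.EXE "C:\Users\b\Documents\report.docx"'},
    {"host": "pc-03", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe shadowcopy list brief"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: backup deletion via WMI appears as a shadow-copy delete command.
SHADOW_DELETE = re.compile(r"\bshadowcopy\b.*\bdelete\b", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the stages of the chain that a single event matches."""
    findings = []
    if basename(event["parent"]) in OFFICE and basename(event["image"]) in SCRIPT_HOSTS:
        findings.append("office_spawned_script_host")
    if basename(event["image"]) == "wmic.exe" and SHADOW_DELETE.search(event["cmdline"]):
        findings.append("wmi_backup_deletion")
    return findings

def triage(events):
    """Group findings per host; both stages on one host rank as critical."""
    per_host = {}
    for ev in events:
        for finding in classify(ev):
            per_host.setdefault(ev["host"], set()).add(finding)
    return {host: ("critical" if len(found) == 2 else "suspicious", sorted(found))
            for host, found in per_host.items()}

if __name__ == "__main__":
    for host, (severity, findings) in triage(SAMPLE_EVENTS).items():
        print(host, severity, ", ".join(findings))
```

Benign activity such as opening a document from Explorer or listing shadow copies produces no finding, so only the host showing both stages is escalated.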


Written by giorgos
