The Spora ransomware was recently upgraded and, besides encrypting the victim's data, it appears to have gained the ability to steal passwords and digital currency from Bitcoin wallets.
By stealing their victims' credentials, the criminals profit twice: from the ransom, and from selling the stolen information to other criminals on underground forums.
All this is accomplished with the help of the complex encryption process for which Spora is known. The encryption combines an AES key and an RSA public key to lock files on the victim's computer.
In addition, the ransomware uses the Windows Crypto API to encrypt temporary data, as well as Windows Management Instrumentation to delete all encrypted files.
In fact, Spora was a very powerful ransomware from the beginning, and it now also has the ability to steal data. The new variant was identified by security researchers at Deep Instinct.
This version of Spora ransomware, which was distributed during a 48-hour campaign launched on August 20, is spread by a phishing campaign that sends targets a Word document claiming to be an invoice.
To view the contents of the file, the user is required to activate a Windows Script File, which allows the document to drop its malicious payload. This is the first time that Spora has been embedded in a document, according to the researchers.
Once executed, the malware begins to encrypt the computer's files, altering the file name extensions. Along with encryption, it searches for and deletes any backups on the computer before presenting the ransom note to the victim.
The researchers report that the latest version of Spora ransomware also collects users' browsing history, web credentials, and cookies, and has the ability to record keystrokes.
Spora ransomware: Protection
While Spora's cryptography is particularly powerful, its phishing emails are fairly conspicuous. A user trained to detect fake emails will be able to avoid any infection.
“Since Spora's attack vector relies on user interaction, user awareness can play an important role in stopping the threat. The basic rule is to give special attention and caution to messages and attachments, and to avoid running or opening any content from an untrusted source,” said Guy Propper, researcher at Deep Instinct.
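Alongside user awareness, the delivery chain described above (a Word document that starts a Windows Script File) shows up in process-creation telemetry as an Office application launching Windows Script Host. The following is an added example, not code from Deep Instinct or from the original article; it assumes JSON records that use Sysmon Event ID 1 field names, the sample events are constructed, and the parent list generalizes from Word to other Office applications.

```python
import json
import ntpath
import re

# The page names Word; Excel and PowerPoint are added here as a generalization.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries
# First script path on a command line, quoted or bare.
SCRIPT_ARG = re.compile(r'"([^"]+\.(?:wsf|jse?|vbs|vbe))"|(\S+\.(?:wsf|jse?|vbs|vbe))(?=\s|$)', re.I)

def image_name(path):
    """Lower-cased executable name from a Windows path (None-safe)."""
    return ntpath.basename((path or "").strip('"')).lower()

def classify(event):
    """Return a finding for an Office app launching a script host, else None."""
    parent, child = image_name(event.get("ParentImage")), image_name(event.get("Image"))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None
    m = SCRIPT_ARG.search(event.get("CommandLine") or "")
    script = (m.group(1) or m.group(2)) if m else None
    # A .wsf argument matches the delivery chain on this page; other scripts rank lower.
    severity = "high" if script and script.lower().endswith(".wsf") else "medium"
    return {"host": event.get("Computer"), "parent": parent, "child": child,
            "script": script, "severity": severity}

def scan(lines):
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed record: skip, do not abort the scan
        hit = classify(event) if isinstance(event, dict) else None
        if hit:
            findings.append(hit)
    return findings

# Constructed process-creation records (assumed Sysmon-style fields), not real telemetry.
SAMPLE_EVENTS = r'''
{"Computer":"ws-01","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\System32\\WScript.exe","CommandLine":"\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\a\\AppData\\Local\\Temp\\invoice.wsf\""}
{"Computer":"ws-02","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\wscript.exe","CommandLine":"wscript.exe C:\\scripts\\logon.vbs"}
{"Computer":"ws-03","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\EXCEL.EXE","Image":"C:\\Windows\\System32\\cscript.exe","CommandLine":"cscript.exe //B C:\\Users\\b\\report.js"}
{"Computer":"ws-04","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\splwow64.exe","CommandLine":"splwow64.exe 8192"}
this line is not JSON
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Only the Word-to-WScript and Excel-to-CScript records are reported; the script started from explorer.exe and the Word print helper are ignored.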