Spora: The New Evolution of Ransomware

More reason to be wary of email attachments...


Spora, a new ransomware, has shaken the digital world, and rightfully so – it’s pretty terrifying. While previous ransomware infections were always transmitted online, Spora doesn’t need an active internet connection to take your files hostage.

How Does Spora Work?

Spora is spread by a ZIP file in an email. This is, of course, a classic spam and malware trick. If you do happen to open this email and the ZIP file, there is an HTA file inside, usually with a name that would entice you to click on it. That file contains a VBScript program that runs a JavaScript file called close.js. It is that close.js file that creates and runs a program with the Spora ransomware.

It seems like quite a lot to go through to infect a computer and cash in on a ransom, but this is the perfect setup to distract from the fact that you are installing an infection. Many people are familiar with malware installing as an EXE file and consider such files suspicious. Because of its strange and elaborate process, Spora catches many people off guard while they are looking for that suspicious EXE file.
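A mail filter that only looks for EXE files misses the ZIP-wrapped HTA described above. The following check is an added example, not code from the original article: it lists script-type members inside a ZIP attachment, including ones hidden behind a decoy document extension. The extension lists, size limit and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions a mail filter treats as script/HTML-application content.
SCRIPT_EXTS = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf"}
# Assumption: document extensions commonly used as a decoy before the real one.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
MAX_NESTED = 5_000_000  # assumption: skip nested archives larger than this


def scan_zip(data, depth=0, max_depth=2):
    """Return (member_name, reason) findings for a ZIP given as bytes."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            ext = suffixes[-1] if suffixes else ""
            if ext in SCRIPT_EXTS:
                reason = "script type " + ext
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                    reason += " behind decoy extension " + suffixes[-2]
                findings.append((info.filename, reason))
            elif (ext == ".zip" and depth < max_depth
                  and info.file_size <= MAX_NESTED and not info.flag_bits & 0x1):
                # Recurse into unencrypted nested archives, bounded in depth and size.
                findings += scan_zip(archive.read(info), depth + 1, max_depth)
    return findings


def build_sample():
    """Constructed sample attachment: a decoy-named HTA beside a harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice_2017.pdf.hta", "<html><!-- constructed placeholder --></html>")
        z.writestr("readme.txt", "constructed benign file")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip(build_sample()):
        print(name, "->", reason)
```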

Can You Remove It and Recover the Files?

Here’s the real kicker: Spora has very sophisticated encryption that doesn’t appear to have any weaknesses. And it doesn’t stop there. Once the encryption process is winding down, Spora also deletes shadow volume copies (automatic backup copies of your files), changes your BootStatusPolicy and disables Windows Startup Repair. In other words, you won’t be able to boot into Safe Mode or launch a startup repair to resolve the issue. This is not something you will be able to fix on your own, and a local tech won’t be able to help you either.

Once a system is infected by Spora, the user receives a demand for payment in Bitcoin. And they don’t just use a straightforward approach of “pay us and you get your files back”; apparently they have payment options. As a sign of good faith, they will decrypt two files for free to prove to you that they can. $30 USD will get you a selection of files decrypted; you can have Spora removed for $20 USD, though presumably your files will still be encrypted; you can have your full system restored for $120 USD and purchase immunity to further infections for an additional $50 USD.

In a creepy turn of events, the cybercriminals behind Spora show a dedication to “customer” support. Spora includes a live chat window where victims of this malware can get in touch with the ransomware operators. While Spora is Russian malware, they also respond in English. To top it all off, they ask victims to post reviews about their experience once the ransom has been paid and access to files is returned. This is purportedly to build trust that victims will receive their files once they have complied with demands, unlike many other forms of ransomware.

Spora is a form of malware that you want to avoid at all costs. When checking your email, be vigilant about the types of attachments you open and who the sender is. And don’t forget: your phone and tablet are also at risk when it comes to this awful malware.

Be sure to protect your PC from all types of malware threats with Digital Care AntiVirus Complete!
