Spora Ransomware

The Spora ransomware is a very dangerous computer threat which is very sophisticated and can lead to much damage. Detailed technical information and comprehensive removal instructions are available here.

Spora Ransomware Overview
The virus has been identified by malware researchers to exhibit both ransomware and worm features. It is written in the C programming language and it employs both the AES and RSA ciphers to encrypt target user files and extort the victims for a ransomware payment. In comparison with other ransomware threats, this one does not change the file type extension of the compromised files.

Depending on the victim's location they may receive a different ransom note in HTML format. A sample message reads the following: SPORA rANSOMWARE All your work and personal files were encrypted To restore data, obtaining guarantees and support, follow the instructions in your account. Personal Area xxxxs: //spora.bz> USXXX-XXXXX-XXXXX-XXXXX What happened? 1. Only we can restore your files. Your files have been modified using RSA-1024 algorithm. Reverse recovery process is called decryption. This requires your unique key. Choose or “hack” it is impossible. 2. Do not turn to intermediaries! All recovery keys stored only in our country, respectively, if you someone will offer to restore the information, in the best case, he first buys the key here, then you will sell it at a premium. If you can not find your Sync Key Click here. Upon infection the virus also deletes all Shadow Volume Copies of the compromised host. In addition it also changes several Windows Startup settings. In addition the Spora ransomware scans for installed security software and employs several stealth detection techniques to install itself on the host computer. When the encryption process is complete each infected user is presented with a gateway page which uses the TOR anonymous network.

Each host receives an unqiue ID and via the page they can purchase various "packages". The criminal operators
 * FULL RESTORE  – Fully restores the affected files.
 * IMMUNITY  – Guarantees immunity from malware.
 * REMOVAL  – Removes the malicious payload from the system.
 * FILE RESTORE  – Restores individual files.

The ransomware includes also a built-in live chat function.

Spora Ransomware Distribution
The first Spora ransomware infections were identified in live campaigns in January 2017. The hackers have initiated attacks against targets worldwide – both individual users and companies. The primary infection methods include spam email messages and malicious software bundles.

Spora Ransomware Removal Instructions
Available on source's website.