Spora, the next-generation ransomware that steals credentials and spies

Spora is one of the ransomware families most used by hackers in recent times. In addition to stealing credentials, it spies on our browser history and steals passwords.

A group of ransomware-like cyber attacks has been updated to create a new threat called Spora. This malware can steal users’ credentials and confidential information, and it can also work out what we type simply by recording the keystrokes on our PC’s keyboard.

Spora currently seems to be one of the ransomware families most used by cyber criminals. According to cybersecurity researchers, it is a direct replacement for Cerber, the attack that was, and is, able not only to lock the files on infected devices but also to steal credentials and currency from Bitcoin wallets. Why doesn’t this new ransomware just lock files and demand a ransom? Simple: this way, if the victims do not pay, the cyber criminals can still profit by stealing money from bank accounts or taking the infected user’s Bitcoins.

How Spora works

All this is done thanks to a complex encryption process: Spora combines an AES key with an RSA public key to lock the files on the victim’s computer. The ransomware also uses the Windows Crypto API to encrypt temporary data and to delete backup copies of all encrypted files. This way, the user is almost forced to pay the ransom if they want to get their documents back. According to cybersecurity researchers from Deep Instinct, this is a super-ransomware capable not only of locking any file, even from backups, but also of stealing confidential information to make money for cyber criminals. Not surprisingly, it is considered, along with Cerber, among the most complex and dangerous ransomware ever made.

How Spora is distributed

Hackers started spreading the malware in August 2017 and, thanks to a well-structured phishing campaign, Spora went viral in less than 48 hours. The email used by the campaign always works the same way: Spora spreads through a malicious Word document attached to the message. If the user opens the document, the malware is given the green light. According to Deep Instinct researchers, there are several variants of Spora. The most dangerous ones even manage to steal the history and passwords saved in the web browser. Unlike Cerber, which did not affect Russian PCs, Spora seems to have been designed precisely to infect users in Russia, even though at the moment the ransomware has a global reach.

How to defend yourself

As mentioned, Spora is a very dangerous malware. Once infected, it is almost certain that we will lose money or important information. Luckily, however, the virus arrives through a phishing email, so with the usual attention to links and attachments it is easy to avoid.
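
An added example, not part of the original article: because Spora arrives as a Word document attached to a phishing email, a mail filter can flag such attachments by their content rather than by their file name. The function names and the sample message are constructed for illustration. The article does not say how the document triggers the malware, so the code only identifies Word-type attachments for quarantine or review.

```python
# Added example; function names are hypothetical and the sample message is constructed.
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Office container (.doc and others)
ZIP_MAGIC = b"PK\x03\x04"                       # .docx/.docm files are ZIP archives
WORD_EXTS = (".doc", ".docx", ".docm", ".dot", ".dotm", ".rtf")

def classify(payload: bytes) -> str:
    """Identify the container type from the content, not from the file name."""
    if payload.startswith(OLE_MAGIC):
        return "ole"
    if payload.startswith(b"{\\rtf"):
        return "rtf"
    if payload.startswith(ZIP_MAGIC):
        try:
            names = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            return "broken-zip"
        return "ooxml-word" if any(n.startswith("word/") for n in names) else "zip"
    return "other"

def word_attachments(raw: bytes) -> list:
    """Return (filename, kind, name_matches_content) for each Word-type attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        kind = classify(part.get_payload(decode=True) or b"")
        by_name = name.endswith(WORD_EXTS)
        by_content = kind in ("ole", "rtf", "ooxml-word")
        if by_name or by_content:
            hits.append((name, kind, by_name == by_content))
    return hits

def build_sample() -> bytes:
    """Constructed message: a minimal .docx plus an OLE file disguised as .pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
    msg = EmailMessage()
    msg.set_content("See attachment.")
    files = {"Invoice.docx": buf.getvalue(), "receipt.pdf": OLE_MAGIC + bytes(16)}
    for name, data in files.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling word_attachments(build_sample()) returns both sample attachments, with the disguised OLE file marked as a mismatch between name and content.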