Introducing a new sophisticated Ransomware attack – SPORA – Compliments of Russia.
SPORA is very much like the ransomware in previous articles I've written (e.g. Crypt0L0cker) – with a couple of interesting differences…
- It runs OFFLINE – once it starts, you don't need to be connected to the internet for it to work. It creates an RSA-based key (unique to your computer) and then goes to work….
- They offer a range of payment plans to recover your files (five in fact!)… They even offer a free 2-file test so you know the decryption works…
- They offer a plan to provide immunity from future attacks (yeah right…)
From what I've read, 99% of infections come from fake invoices (ZIP file attachments), as with most other viruses and ransomware programs. My client was simply visiting a website which displayed gobbledygook for text, and a pop-up appeared saying “You are not running the latest version of Chrome. Click here to update so you can view this website”. Unfortunately, my client clicked the link and was infected!
I have not FOUND anything around as yet to recover these encrypted files, as the virus only went global (outside of Russia) a little under 2 weeks ago… So should you get infected, my advice as always would be to NOT PAY THE RANSOM. You have no idea who is getting your credit card info, no idea if the decryption key will work, and no idea where your information will go…
This is a timely reminder to my readers and clients to:
- Ensure you always have an up-to-date anti-virus & anti-malware program running
- Ensure you have regular offsite backups which are encrypted (by your backup software)
- Remember, your CLOUD drives are simply another hard drive as far as viruses are concerned. Your cloud files will get encrypted also!
- If you get infected, IMMEDIATELY disconnect the infected computer from the network!
- Never open a ZIP file (or exe file, or anything generally) from an email – especially if you are not 100% sure who it's from! Remember, MOST ransomware attacks come disguised as reputable companies (without their knowledge of course) – including in recent years Aust Post, FedEx, and an Australian energy company. Just don't open them!
The bottom line: these cyber crooks are getting smarter and developing sophisticated tools, websites and payment options – all designed to make a quick & illegal buck!
Of course, if in doubt – call ZIS in to perform a health-check on your IT, OR to assist with the removal of malicious applications and their effects.