Spora ransomware is a new malware family that uses a sophisticated payment gateway hosted on the TOR network. This removal guide will help you remove existing infections and protect your computer.
About The Spora Ransomware
Spora ransomware is a newly discovered malware family that has surprised security experts by including a sophisticated payment gateway. Following the infection, the built-in persistence behavior is activated.
This step lets the virus embed itself deeply in the system by modifying key registry values and manipulating the Microsoft Windows operating system. Several boot-up options are changed and all Volume Shadow Copies are deleted, which makes file recovery very difficult for the victims.
Spora ransomware’s encryption engine uses the AES and RSA ciphers to encrypt the most popular file types found on the connected drives. A distinctive feature of this virus is that it doesn’t change the file type extensions of the compromised files.
Depending on the geographical strain, the victim might see the ransom note in a different language. Here is an example of the English-language message:
All your work and personal files were encrypted
To restore data, obtaining guarantees and support, follow the instructions in your account.
1. Only we can restore your files.
Your files have been modified using RSA-1024 algorithm. Reverse recovery process is called decryption. This requires your unique key. Choose or “hack” it is impossible.
2. Do not turn to intermediaries!
All recovery keys stored only in our country, respectively, if you someone will offer to restore the information, in the best case, he first buys the key here, then you will sell it at a premium.
If you can not find your Sync Key
The victim is presented with a very advanced payment gateway which uses the TOR anonymous network. The criminal operators of the Spora ransomware offer various “packages” to the victims:
- FULL RESTORE – Fully restores the affected files.
- IMMUNITY – Guarantees immunity from malware.
- REMOVAL – Removes the malicious payload from the system.
- FILE RESTORE – Restores individual files.
How Does The Spora Ransomware Infect Computers
The large-scale attack campaigns that carry the Spora ransomware threat target Russian-speaking computer users. The virus poses as invoices and other important documents coming from 1C, a very popular accounting software package used in Russia and other former USSR countries. The messages contain files named Экспорт из 1С.a01e743_рdf.hta which in Russian means Scan-copy _ 10 Jan 2017. The double extensions trick the victims into thinking that the files are items of interest.
Other distribution techniques include browser hijackers, malicious ads and infected software bundles as well as counterfeit installers, patches and updates downloaded from untrusted sites and BitTorrent networks.
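A defender-side check for the double-extension attachment names described above, as an added example that is not part of the original article: it flags names whose real extension is script-executable while the token just before it imitates a document type. The extension lists, the lookalike table, the function names and all sample names except the one quoted from the article are assumptions made for illustration.

```python
import unicodedata
from typing import Optional

# Assumed policy lists (not from the article): types Windows runs on
# double-click, and document types commonly imitated as decoys.
EXECUTABLE_EXTS = {"hta", "js", "jse", "vbs", "vbe", "wsf", "scr", "exe", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "jpg", "txt"}

# Lowercase Cyrillic letters that render like Latin a, c, e, o, p, x, so a
# decoy token typed with lookalike characters is still recognised.
CONFUSABLES = str.maketrans("\u0430\u0441\u0435\u043e\u0440\u0445", "aceopx")

def decoy_token(name: str) -> Optional[str]:
    """Return the fake document type placed before an executable extension."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = unicodedata.normalize("NFKC", name).rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return None
    folded = stem.lower().translate(CONFUSABLES)
    # A fake extension can be set off by ".", "_", "-" or a space.
    for sep in "_- ":
        folded = folded.replace(sep, ".")
    last = folded.rsplit(".", 1)[-1]
    return last if last in DECOY_EXTS else None

def triage(names):
    """Return (name, decoy type) for every name that should be quarantined."""
    hits = ((n, decoy_token(n)) for n in names)
    return [(n, t) for n, t in hits if t]

# First entry is the name quoted in the article, written here with a
# Cyrillic U+0440 in "pdf" to exercise the lookalike folding (the Latin
# spelling is flagged too). The remaining names are constructed samples.
SAMPLES = [
    "Экспорт из 1С.a01e743_\u0440df.hta",
    "invoice.pdf.js",
    "report.pdf",
    "setup.exe",
    "build_tools.hta",
]

if __name__ == "__main__":
    for name, token in triage(SAMPLES):
        print(f"QUARANTINE {name!r}: executable posing as .{token}")
```

A mail gateway or endpoint rule built on this logic should still block .hta attachments outright where the business does not need them; the decoy check mainly helps prioritise alerts.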
How To Remove The Spora Ransomware and Recover Affected Files
You can use a trusted anti-spyware solution to remove active infections and protect your computer.