Spora ransomware was introduced by its developers in the beginning of 2017. However, it has already managed to impress security experts by its encryption procedure, a well-made official website and a ransom notification. This virus is considered one of the most aggressive ones because it doesn’t need the Internet connection to encrypt victim’s files. Infected documents do not change their extensions, but you can’t open them. When trying to do that, you can see the notification that reads:
XXX can’t be opened.
This document is either corrupt or protected under Rights Management.
Infected users are also asked to connect to the payment site of the Spora ransomware to know how much do they need to pay for the decryption of their files. The most surprising thing that we found after connecting to this site is that you can choose the amount of money are you willing to spend on the ransom. Of course, the less you pay, the less you can decrypt. Also, there is a dialogue window on the right where you can leave your question to the developers of Spora ransomware. This “customer” support has surprised even the most experienced security experts because it gives you an opportunity to talk to hackers. The first example of this malware used Russian language and was spread as Скан-копия _ 10 января 2017г. Составлено и подписано главным бухгалтером. Экспорт из 1С.a01e743_рdf.hta file. However, its developers are not silly to miss a change to increase their profit – to collect as much ransoms as possible, they launched English version of Spora ransomware after several weeks of testing their initial virus. Beware that this version has just started spreading via USB sticks, so anyone who connects his/hers USB stick to your computer can infect you with this ransomware virus.