A new ransomware family made its presence felt today, named Spora, the Russian word for "spore." This new ransomware's most notable features are its solid encryption routine, ability to work offline, and a very well put together ransom payment site, the most sophisticated we've seen from ransomware authors as of yet.
First infections with Spora ransomware were spotted on the Bleeping Computer and Kaspersky forums. Below is an analysis of the Spora ransomware mode of operation provided by Bleeping Computer's Lawrence Abrams, with some information via MalwareHunterTeam and Fabian Wosar of Emsisoft.Spora distributed via spam campaigns
Currently, the Spora ransomware is distributed via spam emails. These emails come with attachments in the form of ZIP files that contain HTA files.
These HTA (HTML Application) files use a double extension, as PDF.HTA or DOC.HTA. On Windows computers where the file extension is hidden, users will see only the first extension and might be...(continued)