A newly spotted piece of ransomware allows users not only pay to recover their encrypted files, but also for immunity from future attacks, Emsisoft security researchers warn.
Dubbed Spora, the new threat appears to be the work of professionals, courtesy of well-implemented encryption procedures, a well-designed payment site, and the availability of several “packages” that victims can pay for. Those hit by the malware can choose to recover files only or pay to remove the malware and gain immunity from future attacks.
For distribution, the ransomware uses spam emails that pretend to be invoices. These messages contain a ZIP attachment with an HTA (HTML Application) file inside, masquerading as a PDF or DOC. When run, the file extracts a JScript file in the %TEMP% folder, writes an encoded script into it, and then executes the file.
The ransomware leverages Windows CryptoAPI for encryption, and uses a mix of RSA and AES in the process, Emsisoft reveals. The malware uses a...(continued)