Explained Highly Harmful ransomware: Spora ransomware
These days, ransomware has become the most prevalent kind of malware. Most of the new families are built by novices (script kiddies) and distributed on a small scale. Only a few major players in this market are run by professionals. Recently, Spora ransomware joined this set. As we will see, some of its features suggest that a well-organized criminal group is behind it.
Spora got some hype for being a ransomware that can encrypt files offline. In fact, this idea is nothing novel; we have already seen many ransomware families that can do the same, for example DMA Locker 3.0, Cerber, or some newer editions of Locky. However, it has some other features that make it interesting.
Analyzed samples
- 0c1007ba3ef9255c004ea1ef983e02efe918ee59 – case #1
- 4a4a6d26e6c8a7df0779b00a42240e7b – payload #1 – Spora ransomware <- main focus of this analysis
- 38e645e88c85b64e5c73bee15066ec19 – payload #2 – a downloader similar to this one
- 57484440f7be94394fd851de3e416285 – case #2 (captured 06.03.2017)
- 3b80deb6d55cb0bb8560afd22238885c – payload – Spora ransomware
Distribution method
Spora is distributed in various ways, from phishing e-mails (described here) to infected websites dropping malicious payloads.
Some examples of the distribution method used by this ransomware are described here (the campaign from 14.02.2017) and here (the campaign from 06.03.2017).
Article Source : Open Search ..