A new strain of ransomware, Spora, has been described by security experts as one of the most sophisticated and professional samples ever seen. The virus, which was initially contained to Russia and its neighbouring countries, has now been detected in many other nations, including cases in the UK.

Ransomware Recap

Ransomware is the name given to malware that blocks access to systems or files until a demand for payment is met.

A common method (and the way that Spora operates) is to encrypt all of the files on a user’s machine and provide the decryption key only when payment has been made.

Well-known examples of ransomware include CryptoLocker and Locky. Ransomware authors are typically true to their word, and once the ransom has been paid the machine should operate as it did before the attack – although there is no certain guarantee.

What Makes Spora So Sophisticated?

The first thing to note about Spora is that it employs a variety of tactics to try and get onto a user’s system. The email samples that have been seen so far masquerade as invoices from accounting software companies.

Attached to the email is a ZIP file. ZIP files tend to be thought of as relatively low-risk to open. Inside the ZIP file is an HTML Application file with an enticing name to tempt the user to open it.

It’s this file that contains the malicious code that will create and run the Spora program. Unlike many ransomware scripts that require an internet connection, Spora executes locally so can encrypt your files even if you are not online.

Spora Ransomware - Air IT support

Spora ransom message

Spora also has a unique personalisation method, not seen previously in ransomware. After encrypting the files, it creates a .KEY file that the user has to upload via the provided interface. This allows the service to rate the value of the encrypted data and set the ransom accordingly.

There is also a range of options for the infectee to choose from, each at a different price point. The user can decrypt individual files, select a full system restore, or even purchase immunity from future attacks.

Spora decryption screen - Air IT support

Spora decryption payment screen

What to Do?

If you think you’ve been infected with Spora, it’s important that you disconnect your PC from your corporate network and consult your IT team or speak to a security expert, such as Air-IT, before taking any further action.

Paying the ransom should be seen as a last resort and an accredited security professional can see what other options you may have.

Layered Security for Increased Protection

As always with security, prevention is better than cure. Attacks of this nature are on the increase and businesses cannot afford to put their data at risk. Additionally, the upcoming General Data Protection Regulation (GDPR) could mean that you are liable if your company suffers a breach.

Air-IT can help you take a layered approach to your IT security to bolster your defences. We offer protection on your network perimeter, endpoints, email filtering and much more, with a fully-managed solution that will monitor your network for signs of intrusion. Our ransomware blocker would be able to detect and isolate the Spora infection, preventing it from spreading.

Air-IT also has expertise in backup and disaster recovery. Even a comprehensive security plan is not impenetrable, so it’s important that you can get your systems back online quickly if the worst were to happen.

Free IT Security Consultation

Securing your network and users involves a combination of systems, education, and worst-case scenario planning. To assess your current defences and highlight any potential points of weakness, we can perform a full security audit. Alternatively, why not take advantage of a free, initial consultation by booking with us today.

If you’d like to see how your infrastructure would stand up to Spora and other forms of cyber attack, please get in touch with us today.