A new ransomware variant dubbed Spora was recently spotted, and its advanced features can cause problems for the solutions designed to protect against ransomware.
According to an Intel Developer Zone report, Spora uses offline encryption that gets around the need for a key and can start encrypting files as soon as it gets into the target’s systems. Spora has other features, the report said, but that one is the most worrisome.
“This evolutionary change was expected, but we all hoped it would take longer before the ransomware writers would successfully develop and implement such a feature. I expect other ransomware suites to follow suit, as this is a big step forward for the attackers,” said Intel.
Ransomware is growing in popularity because the bad guys can make a lot of money holding a consumer’s or company’s data hostage for a ransom. But it’s not only consumers and companies that are the targets. Governments are also victims. In the summer, Proofpoint researchers identified a ransomware scam that sends out emails with an embedded malicious URL instead of attaching infected code to the email message itself.
The ransomware, dubbed CryptFile2, was first discovered in March, but security researchers found that the ongoing campaign adapted its way of tricking people, using embedded URL links to deliver the ransomware. “Between Aug. 3 and Aug. 9, Proofpoint detected a large CryptFile2 ransomware email campaign,” the researchers said. “Bucking the more common trend of attaching malicious documents to emails, this campaign used embedded malicious URLs that led recipients to download Microsoft Word documents. If opened, these documents employ a social engineering lure to entice the user to enable malicious macros. The macros, in turn, download the final ransomware payload.” The scam was targeting government offices.