Tag Archives: DOC.HTA

Spora Ransomware: Works Offline & Equipped with Sophisticated Payment Portal


Spora Ransomware is an advanced encryption virus which shows that ransomware developers are carrying out their attacks professionally. It includes an extensive ransom notification with support for multiple languages, free decryption of two files, double encryption and a victim-friendly payment website. The name Spora comes from the Russian word ‘Spore’, and the malware relies on bogus invoice emails for its distribution. These emails carry ZIP attachments that contain HTA (HTML Application) files.

However, users might not realize it, because the HTA files use double extensions such as ‘DOC.HTA’ and ‘PDF.HTA’, which means that users might notice only the first extension. Clicking on those HTA files launches Spora Ransomware. According to malware researchers, when a user runs the HTA file, it extracts a malicious JavaScript file named ‘close.js’ into the %Temp% folder, which in turn extracts an executable file into the same folder and executes it. The executable generally uses a randomly generated name. This executable file is the main encryptor and begins to encrypt the files and data stored on the infected system.
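A mail-gateway style check for the double-extension trick described above, as an added example that is not from the original article: it lists ZIP members whose final extension is an active-content type preceded by a document extension. It generalizes beyond the two cases the article names; the extension sets other than DOC.HTA and PDF.HTA and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: these sets are chosen for the example; the article names only DOC.HTA and PDF.HTA.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx"}
ACTIVE_EXTS = {".hta", ".js", ".jse", ".vbs", ".wsf", ".exe", ".scr"}


def deceptive_entries(zip_bytes):
    """Return (member, decoy_ext, real_ext) for ZIP members with a decoy double extension."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Use only the base name; Windows ignores trailing dots and spaces,
            # so strip them before reading the extensions.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            # The last extension decides how the file runs; the one before it is the lure.
            if len(suffixes) >= 2 and suffixes[-1] in ACTIVE_EXTS and suffixes[-2] in DECOY_EXTS:
                hits.append((info.filename, suffixes[-2], suffixes[-1]))
    return hits


def build_sample_zip():
    """Constructed sample attachment: placeholder text stored under test file names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("Invoice_1234.DOC.HTA", "scan/Receipt.pdf.hta",
                     "report.v2.pdf", "notes.hta", "readme.txt"):
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, decoy, real in deceptive_entries(build_sample_zip()):
        print(f"QUARANTINE {member}: displayed as {decoy}, handled as {real}")
```

A single-extension `.hta` member such as `notes.hta` is not reported by this check; blocking HTA attachments outright is a separate policy decision.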


Posted in Latest News.