Hi, this is Bob. Did you go into my room? Why can’t I find my important files? Oh, I am sorry to be angry at you. Just now I have found my files but I can’t open them. These files seem to be locked by Spora Ransomware. There is an HTML file among the locked files. I am told that as long as I pay the price, the key to unlock the files will be sent to me. Should I believe the words? Are there other ways to get my files back? I don’t really want to spend a dime. Do you know Spora Ransomware? Any help will be appreciated.
Know about Spora Ransomware
Spora Ransomware is a new ransomware discovered on January 10th, 2017. The Spora ransomware comes from Russia: the language it uses and the origin of its name are both associated with Russian. In Russian, the name “Spora” refers to the victims. Its appearance quickly drew the attention of many computer security researchers because the ransomware has the ability to attack online users. It also has a strong encryption engine and an advanced payment site, so it is regarded as one of the most sophisticated ransomware families. Like most ransomware, it mainly encrypts victims’ important files and asks for a ransom. However, there is one big difference between Spora and other ransomware: Spora doesn’t rename encrypted files or add a specific extension to file names. For example, “1.jpg” encrypted by Osiris Ransomware will be renamed to “D89BBG4-G8A1-8G01-AR1G6L1K-HAKK3LOHGM31.osiris”, as shown in the figure below. Unlike Osiris, files encrypted by Spora ransomware don’t get a special name. Your encrypted files retain the original name and file extension.
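Because Spora leaves names and extensions untouched, a search for odd extensions finds nothing; what changes is the content. The following Python triage is an added example, not part of the original guide or any vendor tool: it flags files whose extension is intact but whose header no longer matches the type and whose bytes look random. The signature table, the 7.5 bits-per-byte threshold and all function names are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed sample of file signatures; extend for the types you care about.
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(path: Path, sample_size: int = 65536) -> str:
    """Return 'ok', 'suspect' (wrong header) or 'likely-encrypted'."""
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        return "ok"  # extension not listed in MAGIC
    with path.open("rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(magic):
        return "ok"
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "suspect"

def scan(root) -> dict:
    """Map the relative path of each flagged file under root to its verdict."""
    flagged = {}
    for p in Path(root).rglob("*"):
        try:
            verdict = classify(p) if p.is_file() else "ok"
        except OSError:
            continue  # unreadable file: skip instead of aborting the scan
        if verdict != "ok":
            flagged[str(p.relative_to(root))] = verdict
    return flagged

def demo() -> dict:
    """Constructed sample: random bytes stand in for an encrypted 1.jpg."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "1.jpg").write_bytes(os.urandom(4096))
        (Path(d) / "2.jpg").write_bytes(b"\xff\xd8\xff\xe0" + bytes(4096))
        return scan(d)
```

Run it read-only against a copy or a mounted backup of the affected folders; a "suspect" verdict means only that the header is wrong, which also happens with mislabelled or truncated files.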
Files that have extensions below may be easily targeted and encrypted by the ransomware:
The ransomware encrypts files not only on local drives but also on shared network drives. However, it won’t encrypt Windows system files and program directories, so that victims can still get into their computer and pay the ransom.
Have you received the ransom note? While encrypting victims’ files, the ransomware creates a .KEY file and an HTML file. The HTML file contains the ransom note, as is shown in the two pictures.
The screenshots of the ransom note:
(The Russian Ransom Note)
(Translated Ransom Note)
What Information You Get from the Ransom Note?
- Users are told that all files have been encrypted. Other ransomware makes excuses, such as claiming that the files were encrypted to protect your computer. Spora doesn’t. It comes straight to the point.
- The ransomware claims that only its developers can restore encrypted files. Actually, it is difficult to decrypt the files because the ransomware employs the RSA-1024 algorithm and AES encryption. There are two keys: the public key for encryption and the private key for decryption. The private key is usually stored on remote servers. Victims are encouraged to follow the instructions and get the private key to decrypt their files. The KEY file, which is named with random characters and placed in every folder, needs to be sent to the developers of the ransomware through the payment website in order to decrypt your important files.
(The screenshot of Spora payment website)
Spora Ransomware has a professional payment website and gives detailed instructions. Once computer users click on the ransom note, they are redirected to the payment website. Every user receives their own ID based on different host servers so that they can purchase the private key to decrypt files. Unlike other ransomware, the payment site of Spora provides victims with all kinds of options. For example, you can pay $79 for fully restoring files, pay $50 for ostensible immunity or pay $20 for removing the ransomware from the system. Some ransomware, like Cerber, encourages users to purchase one decryption tool that covers everything. The developers of Spora, however, separate the decryption services into several parts and hope users will buy services several times, which actually improves revenue and profit. Victims are only allowed to pay in Bitcoin (a digital currency). By the end of January 16th, Spora’s developers had improved the payment website. In addition to different decryption options, the website provides a Help page and details of available payments, including discounts and deadlines. There is a public communication window on the right side of the website where users can make transactions or hold discussions. In general, you can’t access the payment website because it is not public and hides in the Tor anonymous network. Victims can log into the payment website because they have their own ID provided by the ransom note. After the website receives the information from the ID and key file, victims are quickly provided with the payment options.
Computer users are not advised to pay the ransom even though the payment website looks friendly and professional. It is not safe to make any transaction through a strange payment website. There is a big possibility that your personal information or identity will be in danger of leakage or theft. If possible, computer users should choose a reliable anti-malware program to remove the malicious payload and decrypt locked files rather than visit the payment website.
How Does Spora Ransomware Get Installed on Your Computer
Summary about Spora Ransomware
|Threat Name||Spora Ransomware|
|Category||Ransomware ; Malware|
|Type of encryption algorithm||RSA-1024 algorithm and AES cryptography|
|Operating System||Windows XP, Windows 7, Windows Vista, Windows 8/8.1 and Windows 10|
|Symptoms||① Encrypts your important data ② Extorts computer users and demands ransom ③ Decreases computer performance|
FULL RESTORE: Fully restores the affected files.
|Distribution Methods||Via spam emails, attachments, suspicious links or exploit kits.|
|Solution||Read the detailed guide below or download a removal tool!|
Spora Ransomware Removal Instruction
Restart Your PC in Safe Mode
Press Windows + R key to initiate “Run” dialogue box.
Type “msconfig” in the dialog box and hit Enter key.
Go to the Boot tab and then select the Safe Boot option.
Click on Apply and OK button for changes to take effect.
Choose Restart when you are required by the System Configuration or go to Power menu and then click on Restart.
And then you will see a blue screen, please select Troubleshoot > Advanced options > Windows Startup Settings > click Restart button.
When you see the screen below, select 5) Enable Safe Mode with Networking by pressing F5 or 5 key.
The black wallpaper and the Windows Help and Support window are the signs that you have entered Safe Mode.
Go to Start menu and then click on Restart button.
Tap the F8 key before the Windows logo appears.
Use the arrow keys to highlight Safe Mode or Safe Mode with Networking from Advanced Boot Options menu, as shown below.
And then you will enter Safe Mode. After you enter the system, the Windows Help and Support window will pop up and give details of Safe Mode and instruction.
Use Auto-fix Tool to Remove Spora Ransomware
Click on the button below and download SpyHunter.
When you open the SpyHunter-Installer, you may be asked whether you want to run this file. In this case, please click Run button.
Select your language and click OK button.
Click Continue button when Enigma Software Installer pops up.
When the setup is completed, click Exit button.
After installation is completed, run SpyHunter, go to the “Start a New System Scan” tab, and click “Scan Computer Now!”
After the scan is finished, the screen shows all detected items in a list (click + to read more descriptions about the infection).
Now, press “Fix Threats” button to remove detected computer threat.
Reboot the computer to take effect if you are asked by the program.
Install Plumbytes Anti-Malware by clicking INSTALL.
After installation is done, run Plumbytes Anti-Malware by double-clicking on (or Plumbytes Anti-Malware will run automatically).
Go to OVERVIEW, and then click Run a scan.
After scan is completed, all detected items will show in the list.
Check the box beside Spora or Select All and then click REMOVE SELECTED.
Restart the computer to apply all the changes.
File Restoring Instruction
Option One Use Windows Previous Versions feature
Step 1 Show Hidden Files
Go to File Explorer, click on Organize on the top bar and then select Folder and search options.
Tap View tab and then choose “Show hidden files, folders and drives” in the Advanced settings.
In order to save the change, please click on Apply and then OK button.
For Windows 8/10, you need to go to View tab > Options > Change Folder and search options > Folder Options.
For Windows XP, you need to go to Tools > Folder Options.
Step 2 Restore Previous Version
Find your encrypted files, which aren’t on the system disk because the ransomware won’t encrypt Windows system files.
Right click on one of your encrypted files and then select Properties or Restore previous versions.
Tap the Previous Versions tab, and then select from the list a restore point from a time when the files had not yet been encrypted.
Click Restore button when you are asked whether you want to restore the previous version.
You may ask, why can’t I find available versions? Well, one reason is that you haven’t modified the file before. Another reason is that the ransomware may delete shadow volume copies. Moreover, some systems don’t have the Windows Previous Versions feature. Depending on these factors, you may fail to restore the previous version. Don’t worry, you can consider using the System Restore feature instead. It is still advised to remove the malicious payloads of the ransomware first and then restore your files.
Option Two Use System Restore
For Windows XP
Click on Start button and then click All Programs.
Go to Accessories, select System Tools and then click on System Restore.
After the System Restore window pops up, you need to choose “Restore my computer to an earlier time” and then click Next button.
All of the dates that have restore points are displayed in the following calendar. There are various types of restore points. The first type is the manual restore point, which means that you create a restore point by yourself. The second type is the installation restore point, which means that the system creates a restore point automatically when important settings are changed or a program is installed.
Choose a date on the calendar and then click a restore point.
Click Next button to proceed.
You are required to click on Next button after confirming the selected restore point.
Don’t stop the process until the system restore is complete, as shown below.
For Windows 7 User
Right click on My Computer icon and then select Properties.
Click on System protection on left side.
Click on System Restore button.
In the Restore system files and settings page, you can choose Recommended restore or Choose a different restore point, and then click Next button.
Choose a restore point from before Spora Ransomware entered your computer and then click Next button.
Click Finish button to confirm your restore point. It requires you to save any open files and close all programs (see above).
Click Yes button in the pop-up window and wait for completion of System Restore.
If you don’t close the antivirus program, the System Restore will be interrupted, as shown in the figure below. You can try System Restore again and choose a different restore point. If you continue to see this error, you can try an advanced recovery method.
The pop-up window below means that System Restore completes successfully.
Click Close button.
How Can You Keep Your System From Spora?
- Avoid opening spam emails or downloading attachments from unknown email addresses.
- Don’t visit strange websites, including phishing websites, pornographic websites or illegal trading sites, unless a full antivirus scan has confirmed that these websites are safe.
- Download the software you want from official websites whenever possible, whether you use a PC or a mobile phone.
- Back up your files and system settings regularly in case of a system crash or file loss.
- Download and install system security patches in order to prevent ransomware from exploiting vulnerabilities.
- Install reliable anti-malware programs or blockers and scan your system regularly.
Friendly Advice: Although Spora Ransomware won’t encrypt important system files, computer users are still troubled by their other locked files. Its payment website is so professional that computer researchers are surprised by it. However, you are not advised to pay, given the unreliable platform and the potential risk to your personal information. Computer users need to think twice and ask themselves whether they can afford the payment. According to the research, restoring all encrypted files costs at least 280 USD. Maybe you think it is a small number. But paying the ransom is a risk because no one can guarantee that you will get these files back. It is strongly suggested to first remove the ransomware with the reliable removal tools in this post, and then restore your files, in order to avoid a second round of file encryption. Notably, there is no free decryptor for Spora ransomware yet, because it is new ransomware and uses a sophisticated encryption method. The only effective and easy method is using System Restore. If you have backups, you’d better restore your files as soon as possible.
The following video offers a complete guide for Spora Ransomware removal. You’d better watch it in full-screen mode!