Researchers report that the latest Spora ransomware strain, a highly sophisticated version of the malware, can now spread itself through USB thumb drives. What’s worse, Spora’s encryption procedures don’t have the usual requirements, such as a Command & Control server, a user-friendly payment site, etc.
Like many versions of ransomware, Spora uses a ZIP file that arrives in an email attachment to infect the victim. Once the user opens the ZIP, the file writes a script file and executes it immediately, encrypting the user’s data and holding it for ransom.
However, Spora also exhibits traits associated with “worms”, using new technology from other malware in the form of Windows shortcuts (.LNK files). Spora adds these to files and folders on the desktop, in the root of USB drives and the system drive, and ensures they are hidden. This allows Spora to execute the malware without being detected.
What makes Spora especially dangerous is that this now puts anyone using a USB drive at risk as well. Just navigating through the system, or double-clicking the wrong file will activate the worm, spreading to any connected USB drives, which can then spread to other devices later on.
That’s why it’s so important for you to ensure that your staff understands how dangerous ransomware really is. The more they know, the more likely they’ll wait before double-clicking an email attachment that contains harmful malware.
