Ransomware Spora: A worm with Trojan capabilities

The Ransomware Spora worm spreads like a virus on computers and behaves like a Trojan.

The Ransomware Spora is on the attack. A new worm that behaves like a blackmail Trojan. Analysts for malicious software describe the worm as “the most mature blackmail program ever”.

All it takes is a simple click and the ransomware gets into your operating system and starts to encrypt your personal files. We’ll explain how this malicious worm works and how you can get rid of it.

Spora: Worm with Trojan skills

Spora spreads via e-mail. It seems as if the attachment of the e-mail contains a harmless .pdf or .zip file. But when the document is opened, the worm creeps in, in the form of a malicious .hta file. The malicious software also performs an incorrect .docx file with an error message. This is intended to appease you and make you believe that there has been  a mistake. But there is no error, the worm was released by opening the wrong file instead.

It will now quickly encrypt all personal files and request ransom for the decryption. It is not possible to decrypt the data by deleting the ransomware. But, of course, the worm has to be removed as quickly as possible.

Spora calls for ransom

Spora does its work and a ransom note is issued. The instructions lead to a payment page, which is different from other websites of this kind, because the virus part of the ransom shows payment options. So you buy a service if you follow the ransom claim. You can choose: 20 US dollars for removal of the worm, 30 US dollars is the cost to restore your data and for 50 US dollars you buy immunity against blackmail programs. The complete program you are supposed to get for 79 US dollars. However, the prices vary depending on the geographical location of the victims.

You must pay the ransom in Bitcoins. Whether your data is actually decrypted after the payment is questionable. Because the blackmailers want to earn as much money as possible.

Remove Ransomware Spora safely

And now? How will you get rid of Spora? The easiest way is to have a backup of your data. Then you can delete your hard disk and then bring it back up with the security scanner. If you have no backup, the following way helps:

  • Open Explorer and select the “Options” under “View”.
  • In the folder options, click “View” and check “Show hidden files, folders, and drives”.
  • Click “Apply” and then “OK”.
  • Now go to the Windows folder C: \ Users \ your username \ AppData \ Roaming.
  • Delete the files named 1a8e3632-e36e-d08d-38ec-2d6232957füc.exe; DE6DC-6AZTZ-TZTXZ-TRATR.HTML; DE6DC-6AZTZ-TZTXZ-TRATR.KEY and DE6DC-6AZTZ-TZTXZ-TRATR.LST – you will find it in the Roaming folder.
  • You must also delete files remaining on the desktop, and then empty the Recycle Bin.
  • Now press ALT + F4, select “Restart” and click “OK”.
  • Now your computer should be free of Spora again.

Antivirus software from a professional

You should purchase and download a reputable anti-virus software and scan your computer.