Author Topic: Spora ransomware advice needed  (Read 5086 times)

Dee18

  • Handlebar Stache
  • *****
  • Posts: 2206
Spora ransomware advice needed
« on: February 22, 2017, 07:36:43 PM »
My laptop has been taken over by Spora ransomware.  All my files say there is a problem with the content and they cannot be opened.  I received a ransom demand from Spora ransomware.  From what I read on the Internet, this is a criminal enterprise from Russia.  Has anyone here successfully dealt with this without paying a ransom?

WildJager

  • Bristles
  • ***
  • Posts: 440
  • Age: 37
    • Can't complain.
Re: Spora ransomware advice needed
« Reply #1 on: February 23, 2017, 09:06:29 AM »
Without having knowledge on that specific virus, I'd say they probably installed a root virus that intercepts the actions of opening your files rather than manipulating the files themselves.

Save all of the files that are important (not .Exe files or anything, just saves, documents, pictures, etc) then reformat your computer.  That will wipe out any malicious software, and you should have access to your files again.

WildJager

  • Bristles
  • ***
  • Posts: 440
  • Age: 37
    • Can't complain.
Re: Spora ransomware advice needed
« Reply #2 on: February 23, 2017, 09:10:08 AM »
To piggyback, if the individual files are encrypted, you're shit out of luck.  Hopefully you made a backup of all your documents somewhat recently, as is always good practice in case of (traditionally) hard drive failure.

AZDude

  • Handlebar Stache
  • *****
  • Posts: 1296
Re: Spora ransomware advice needed
« Reply #3 on: February 23, 2017, 09:18:39 AM »
Format your PC and restore from a back-up. If you cannot do that, pay the ransom. Those are pretty much your only options.

Afterward, look at your PC habits and determine better measures to prevent this in the future.

Opal

  • 5 O'Clock Shadow
  • *
  • Posts: 1
Re: Spora ransomware advice needed
« Reply #4 on: February 24, 2017, 12:29:47 AM »
Hello! I have same problem with Spora ransomware.... I know this is my own fault and I don't have any backups...I wish I had.
So I want to ask you if is any chance to remove ransomware and recover files without paying bitcoins? Because I've used Google search and found a lot of guides like this - <<<url removed>>> that promotes SpyHunter as a tool that can help me to decrypt my files. But it sounds hilarious that tool that cost 50$ can decrypt Spora crypt...
Thank you for reply!

[MOD NOTE:  That was weird.  Gone.]
« Last Edit: February 25, 2017, 02:25:11 PM by FrugalToque »

Heroes821

  • Pencil Stache
  • ****
  • Posts: 604
Re: Spora ransomware advice needed
« Reply #5 on: February 24, 2017, 07:28:12 AM »
There are several websites of white hats that work on cracking these ransomwares.

Paying the ransom is dangerous as well because there has been a rash of hackers that don't have the ability to decrypt the files after they get paid.

A back up from before it happened will save your stuff, but you might be screwed.  If you want to learn more about the general theme of ransomware and Russian hackers check out Krebs on security blog. 

I with I could help more but google probably has more relevant information. I would also avoid using the computer in question to research these things and if it is on your home network disconnect it in case the malware is designed to propagate across it to your other devices.

bacchi

  • Walrus Stache
  • *******
  • Posts: 7036
Re: Spora ransomware advice needed
« Reply #6 on: February 24, 2017, 08:45:01 AM »
Hello! I have same problem with Spora ransomware.... I know this is my own fault and I don't have any backups...I wish I had.
So I want to ask you if is any chance to remove ransomware and recover files without paying bitcoins? Because I've used Google search and found a lot of guides like this - [link removed] that promotes SpyHunter as a tool that can help me to decrypt my files. But it sounds hilarious that tool that cost 50$ can decrypt Spora crypt...
Thank you for reply!

Don't waste your money. It won't work and is pretty poor anti-malware as well.

And it's awfully suspicious that a first-time poster posts a link to a Russian site sorta-kinda recommending spending $50 for questionable anti-malware.
« Last Edit: March 01, 2017, 06:34:03 AM by FrugalToque »

Heroes821

  • Pencil Stache
  • ****
  • Posts: 604
Re: Spora ransomware advice needed
« Reply #7 on: February 24, 2017, 08:50:00 AM »
Yeah Bacci, Opal definitely sounds like a bot, or something that's a less nice word.

I'm a cybersecurity professional and I'm even leery of giving advice on home ransomware beyond use a back up or pay and take a chance.  The issue with most ransomware is it has a detonation timer where after a week it claims it will delete all your files. 

JoseS

  • 5 O'Clock Shadow
  • *
  • Posts: 15
Re: Spora ransomware advice needed
« Reply #8 on: February 24, 2017, 09:10:37 AM »
Bad news and semi-good news. Bad news is that, if it is the original Spora, they run a professional operation and the files are encrypted beyond recovering by any other means other than paying them. The semi-good news is that because is a professional operation, they are vested on actually decrypting the files once you pay.

Of course, if you pay you are encouraging a criminal enterprise. But, if you need the files...

You can even pay protection so your computer doesn't get infected again!! <sigh>

See here for more info: https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offline-has-the-most-sophisticated-payment-site-as-of-yet/

katsiki

  • Handlebar Stache
  • *****
  • Posts: 2015
  • Age: 43
  • Location: La.
Re: Spora ransomware advice needed
« Reply #9 on: February 24, 2017, 09:16:22 AM »
For those without backups, find a friend and use Crashplan's free setup between PC's.

Dee18

  • Handlebar Stache
  • *****
  • Posts: 2206
Re: Spora ransomware advice needed
« Reply #10 on: February 28, 2017, 07:23:11 PM »
Thanks for you comments and advice.  I did have a backup of 90% of my stuff, but in the end I decided to pay the money to get everything back and save myself hours of work in recreating my most recent documents.  It was a learning experience; I had never even bought Bitcoin before.  Once I paid the money I did receive the key to unencrypt my files within minutes.  So nice to see all those docs again!  I am setting up automatic frequent backups.

Heroes821

  • Pencil Stache
  • ****
  • Posts: 604
Re: Spora ransomware advice needed
« Reply #11 on: March 01, 2017, 06:33:20 AM »
If possible I would do some research and send that key to a trustworthy security researcher team

Dee18

  • Handlebar Stache
  • *****
  • Posts: 2206
Re: Spora ransomware advice needed
« Reply #12 on: March 01, 2017, 07:30:46 AM »
Great idea.  I just found out there is a CS researcher at a local university who is investigating ransomware.  I'll see if he wants it.

Miss Tash

  • 5 O'Clock Shadow
  • *
  • Posts: 62
Re: Spora ransomware advice needed
« Reply #13 on: March 01, 2017, 09:55:43 AM »
The boss at our company got hit with this same thing 2 weeks ago.  It encrypted a bunch of his files and some on our server.  Our IT company spent untold hours getting things off backups.  They also said it was one of the more "professional" outfits and even had a help desk.  Our data was "double encrypted" so their normal recovery tools wouldn't work.   Honestly, just paying the $129 they wanted would have been cheaper, but I wasn't going to say that.  Thank God it was the top guy who got it, not me!

pixondic

  • 5 O'Clock Shadow
  • *
  • Posts: 1
Re: Spora ransomware advice needed
« Reply #14 on: May 24, 2017, 03:42:30 AM »
Spora ransomware is just one of many ransomware trojans. And the rules to avoid it - the same as for others, they are: not open unreliable mail; update your antivirus at least twice a month (Win defender/Avast/Kaspersky/Nod 32 etc); regularly create backups of important data. Except of it I use ransomware scanner [MOD NOTE: suspicious link from first time poster removed[
« Last Edit: May 24, 2017, 05:38:43 AM by FrugalToque »

gooki

  • Magnum Stache
  • ******
  • Posts: 2917
  • Location: NZ
    • My FIRE journal
Re: Spora ransomware advice needed
« Reply #15 on: May 25, 2017, 02:43:29 AM »
Every time you pay you are just encouraging more of this behaviour. They're now richer, better resourced and capable of creating a more devestating ransomeware that will infect you again.

Is this what you want?