Spora Adds a Wretched New Feature to Ransomware

Spora, a recently discovered ransomware variant, has emerged with advanced features that will cause problems for security solutions working to protect against this type of malware.

I was afraid of this. The motivation and resources are driving attackers to innovate too quickly. Malware and security developers are in a constant race to outmaneuver each other. Ransomware has been a troublesome problem and it is getting progressively worse. Only recently have some security tools been able to zero in on a possible dependency that resides in most ransomware to become more effective against this rising scourge. Then the game changes again.

Basically, most ransomware calls back to a Command and Control (C2) site run by the attacker to get an encryption key that will lock the victim’s files. It happens after the infection, but before any significant damage is done. This was a known point of weakness that anti-ransomware/malware security solutions could take advantage of. Looking for this call is a way to detect infections. If the transmission of the key can be blocked, the ransomware tends to just sit and patiently wait. This gives time for the security tools to sweep in and eradicate the infection.

Spora ransomware advancements

Well, no more. Spora has implemented offline encryption. Spora bypasses the need to call home for an encryption key and can immediately begin file encryption once it gains a foothold on the target system. It has a few other features, but none more concerning than the offline encryption capability.
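The detection gap described in the two sections above, as an added example that is not part of the original post: a callback-based rule run over constructed endpoint telemetry, showing that it warns before any file is touched when the malware fetches a key but stays silent when encryption starts offline. The event format, process IDs, addresses and allowlist are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed endpoint telemetry: (seconds, pid, event, detail).
# pid 100 models key-fetching ransomware, pid 200 an offline-encrypting one.
EVENTS = [
    (1, 100, "net_connect", "198.51.100.7:443"),   # callback for a key
    (5, 100, "file_rewrite", "C:/docs/a.docx"),
    (6, 100, "file_rewrite", "C:/docs/b.xlsx"),
    (1, 200, "file_rewrite", "C:/docs/a.docx"),    # no callback at all
    (2, 200, "file_rewrite", "C:/docs/b.xlsx"),
    (3, 200, "file_rewrite", "C:/docs/c.pdf"),
    (2, 300, "net_connect", "192.0.2.10:443"),     # benign, allowlisted
]
ALLOWLIST = {"192.0.2.10:443"}  # hypothetical known-good destinations


def callback_alerts(events, allowlist):
    """Return {pid: time} of the first connection to a non-allowlisted host."""
    alerts = {}
    for ts, pid, kind, detail in sorted(events):
        if kind == "net_connect" and detail not in allowlist:
            alerts.setdefault(pid, ts)
    return alerts


def rewrites_before_alert(events, allowlist):
    """Count file rewrites per pid that occur with no prior callback alert."""
    alerts = callback_alerts(events, allowlist)
    missed = defaultdict(int)
    for ts, pid, kind, _ in sorted(events):
        # A pid that never raises an alert has an effective alert time of infinity.
        if kind == "file_rewrite" and ts < alerts.get(pid, float("inf")):
            missed[pid] += 1
    return dict(missed)


if __name__ == "__main__":
    print("callback alerts:", callback_alerts(EVENTS, ALLOWLIST))
    print("rewrites with no warning:", rewrites_before_alert(EVENTS, ALLOWLIST))
```

The key-fetching process is flagged before its first file rewrite, while every rewrite by the offline process happens without any network signal to alert on.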

This evolutionary change was expected, but we all hoped it would take longer before the ransomware writers would successfully develop and implement such a feature. I expect other ransomware suites to follow suit, as this is a big step forward for the attackers.

Well, my security colleagues, it is time to ramp up our innovation. Let’s get cracking!

 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry-leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry, and his guidance can be heard at conferences and found in whitepapers, articles, and blogs.