Remove Spartacus Virus and Restore .Spartacus Files

Spartacus Virus is a newly discovered malware instance that appears to be made by an unknown hacker or criminal group. The security researchers propose that future attacks might implement newer versions of the malware engine.

Threat Summary

Short Description: The Spartacus virus is malware that encrypts the target data and marks it with the .Spartacus extension.
Symptoms: The victims will find that their files are encrypted and carry the .Spartacus extension.
Distribution Method: Spam Emails, File Sharing Networks, Exploit Kits

Spartacus virus – Infection Spread

The Spartacus virus is currently being delivered to target users through a number of different tactics. A preferred method is email messages that rely on various social engineering techniques. In many cases the criminal operators use graphics and text taken from well-known sites, which gives users the impression that the received messages originate from those services and not from computer criminals.

The malware samples associated with the Spartacus virus can be either hyperlinked in the body contents or attached directly to the messages. A related method is to use various payload delivery mechanisms such as the following:

  • Software Installers — The developers behind the Spartacus virus take legitimate setup files of popular software which are then customized with the malware instance. Examples include computer games, creativity suites and system utility programs.
  • Malware Documents — Another strategy is to embed the dangerous code into documents of different types. Examples include rich text documents, spreadsheets and presentations. Once they are opened by the victims a notification prompt appears which asks the users to enable the built-in scripts (macros). If this is done the malware will be downloaded from a remote server and initiated on the local machine.

Such threats can also be delivered via browser hijackers. They are dangerous web browser plugins that are usually made compatible with the most popular applications (Mozilla Firefox, Google Chrome, Internet Explorer, Opera, Safari, Microsoft Edge). The uploaders usually utilize fake credentials and user reviews and lure victims into downloading the files by posting elaborate descriptions. Once the plugins have infiltrated the target systems, various tracking technologies are employed in order to create a complete profile of the victims. The next step is to deploy virus threats such as this one.

Spartacus virus – Technical Data

The initial analysis of the threat shows that it does not contain code taken from the famous malware families. It is believed that it follows similar behavior patterns to other well-known malware. It is possible that the whole operation is run by an individual hacker or a criminal collective.

The engine used by Spartacus is modular in nature which makes it possible to extend its features in updated versions. Newer versions of it can launch an information gathering component. It is started after the infection has infiltrated the computer. Future versions of the virus that contain this module usually work by harvesting data that can be classified in two types:

  • Private Data — The information can be used to directly expose the victim's identity and is made up of the victim's name, address, telephone numbers, location, interests, passwords and account credentials.
  • Anonymous Metrics — The obtained information is used by the criminals for statistical purposes and usually contains data such as operating system configuration settings and a list of the available hardware components.

Another possible update is the inclusion of a protective module that can guard the instances against removal. Such modules typically use the gathered data to scan the system for any anti-virus products or other security software that can interfere with the prescribed malware execution. The follow-up steps are to cause system modifications as programmed by the hacker operators. This can include any of the following:

  • Windows Registry — The Spartacus virus can be programmed to create new entries in the Windows registry or modify existing ones. As a consequence the users may experience overall performance issues or the inability to launch certain applications or system services.
  • Boot Options — The engine can remove the ability to enter the recovery menu.
  • Additional Malware Delivery — The Spartacus virus can be used to deliver additional threats if programmed to do so.
  • Trojan Component — In certain cases the Spartacus virus can establish a network connection with a malware server. This connection is used to harvest sensitive data and take over control of the infected hosts.

Further code changes can be made depending on the specific hacker instructions.

Spartacus virus — Encryption Process

As soon as all components have executed correctly the ransomware component is started. It uses a complex cipher to encrypt target user data. The collected samples so far seem to target specific locations instead of individual file type extensions. One of the captured samples has been found to act against data found in these folders:

  • System
  • ProgramData
  • Desktop
  • My Computer
  • Desktop Directory
  • Favorites
  • Personal
  • My Music
  • History
  • Personal

As a consequence all affected data will be renamed with the .Spartacus extension, preceded by the criminals' email address in brackets. The ransomware note is created in a file called READ ME.txt which contains the following message:

All your data has been locked us.
You want to return?
Write email [email protected] or [email protected]
Your personal ID KEY: DvQ9/mvfT3I7U847uKcI0QU3QLd+huv5NOYT2YhfiySde0vhmkzyTtRPlcu73BAJIL***

Additionally a lockscreen instance is used to further blackmail the victims. It is designed as a full-screen overlay which reads the following:

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us the e-mail:
[email protected] and send personal ID KEY:
In case of no answer in 24 hours us to theese e-mail: [email protected]
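
The renaming pattern and note file name described above are enough to scope which folders were hit before any cleanup. The following is an added example, not code from the original article or from any vendor tool; the exact on-disk form of the name (an optional dot before the bracketed address) and all sample file names and addresses are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed on-disk form, inferred from the article's description:
#   <original name>[.]<[contact e-mail]>.Spartacus   (case-insensitive)
ENCRYPTED_RE = re.compile(
    r"^(?P<orig>.+?)\.?\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]\.spartacus$",
    re.IGNORECASE,
)
NOTE_NAME = "read me.txt"  # ransom note file name given in the article


def scan_tree(root):
    """Walk root; collect renamed files, ransom notes and contact addresses."""
    report = {"encrypted": [], "notes": [], "emails": Counter(), "dirs": Counter()}
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                report["notes"].append(full)
                continue
            match = ENCRYPTED_RE.match(name)
            if match:
                # Keep the recovered original name to compare against backups.
                report["encrypted"].append((full, match.group("orig")))
                report["emails"][match.group("email").lower()] += 1
                report["dirs"][dirpath] += 1
    return report


def demo():
    """Scan a constructed sample tree (file names and address are made up)."""
    names = ("budget.xlsx.[contact@example.invalid].Spartacus",
             "photo[1].jpg[contact@example.invalid].spartacus",
             "notes.txt", "READ ME.txt")
    with tempfile.TemporaryDirectory() as root:
        desktop = os.path.join(root, "Desktop")
        os.makedirs(desktop)
        for name in names:
            open(os.path.join(desktop, name), "w").close()
        rep = scan_tree(root)
        originals = [orig for _path, orig in sorted(rep["encrypted"])]
        return originals, len(rep["notes"]), dict(rep["emails"])
```

Running `scan_tree` against a mounted copy of the affected volume from a clean machine avoids touching the infected system; the `dirs` counter shows which folders need restoring from backup.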

Remove Spartacus virus and Restore Your Files

If your computer got compromised and is infected with the Spartacus ransomware virus, you should have some experience with removing viruses before tampering with it. You should get rid of the ransomware fast before it can spread further on the network and encrypt more files. The recommended action for you is to remove the ransomware completely by following the step-by-step instructions written below.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
