CYBER NEWS

Spora Ransomware Chat Support: A Fascinating Read

F-Secure, the Finnish web security company, recently released a 34-page transcript from a group chat that belonged to the creators of Spora ransomware family.

Spora is a ransomware virus, primarily targeting Russian speakers as evident by its payment page and ransom note both written in Russian. However, other users may have been victimized as well. The encryption algorithm employed was a mixture of AES and RSA.

Related: Remove Spora Ransomware and Restore Your Files

Thanks to the transcripts released by F-Secure we now have insights of how a ransomware chat support works. Conversations with victims cover topics such as payment deadline delays, instructions on how to obtain Bitcoin, etc.

F-Secure’s Sean Sullivan wrote in a blog post that:

We should be thankful that there are at least some practical barriers to purchase Bitcoins. If it were any easier to do so, very little else would check the growth of crypto-ransomware’s business model.

Sullivan also named the collection “a fascinating read”.

In January 2017, I began tracking the “customer portal” of an innovative new family of crypto-ransomware called Spora. Among its innovations are a dedicated domain (spora.biz, spora.bz, et cetera) running a Tor web proxy, HTTPS support, an initially lower extortion demand, and tiered pricing with options to unencrypt individual files (up to 25Mb in size) rather than all.

What were the conversations about?

In one conversation, a victim of Spora said they paid the ransom money but didn’t receive anything in return. The crook on the side of the chap support line said the victim entered an incorrect Bitcoin destination address. Here’s a transcript from that conversation:

Victim: “I already sent you 98USD worth of bitcoin”.

Crook: “But do you agree that it is you mistake, that you entered incorrect address?”

Victim: “I literally copied the address that was given at the refill page. How could I be mistaken?”

Other users were quite angry, or didn’t know anything about ransomware or Bitcoin. There were some who tried to provoke sympathy. Here’s an example: “Am I the one you should hack? No. I am just a salary man who tries to make ends meet and bring foods to his kids.”

Most of the questions in the transcripts however were about Bitcoin.

Related: Bitcoin and Ransomware, Chicken or the Egg

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...