Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support

[Note: This item comes from friend David Rosenthal. DLH]

Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support
By Catalin Cimpanu
Feb 6 2017

The Spora ransomware is slowly making a name for itself as one of the most well-run ransomware operations on the market, with a very well-designed ransom payment portal, some solid customer support, and also efforts to improve the ransomware’s reputation among victims.

Discovered at the start of the year, Spora distinguishes itself from similar threats by a few features, such as the option to work offline, and a ransom payment portal that uses “credits” to manage Bitcoin fees.

Another of those unique features is a real-time chat window where victims can get in contact with ransomware operators.

By tweaking the ransomware infection ID, security researchers can access the ransom payment page of different Spora victims. This has allowed researchers to keep track of conversations between victims and Spora operators.

As stated in our original article about Spora, the criminals behind this ransomware operation consider themselves “professionals” and appear to have considerable experience in running ransomware campaigns.

The thing that stood out for us in the beginning, and is still valid even today, is that the Spora gang pays a lot of attention to customer support.

They provide help in both English and Russian and are very attentive not to escalate conversations with angry victims, always providing appropriate and timely responses to any inquiries.

Spora operators asking customers for favorable reviews

Security researcher MalwareHunter has spotted a few interesting conversations in the Spora ransom payment portal in the past few days.

First and foremost, Spora authors have been very lenient to victims that couldn’t pay the ransom, often offering to extend or even disable the payment deadline altogether.

Second, Spora authors had been offering discounts, free decryptions of important files and deadline extensions for people who were willing to leave a review of their support service on the Bleeping Computer Spora ransomware thread. At the time of writing, we haven’t observed any users taking them on this offer and posting such reviews on our forum.



Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s