Cyber experts warn about three new cyber threats: Spora, Satan, and Sage ransomware viruses

Three new file-encrypting viruses started threatening all online community – Spora, Satan, and Sage. Cyber experts warn that these ransomware viruses has already become a global threat and started actively spreading worldwide. Hence, you should take some precautions[1] to minimize the risk of encountering one of them. Before talking further about freshly discovered viruses, we want to remind to be extremely careful with received emails[2] because they remain the main malware distribution technique. Word, .zip and other popular file types may not be as safe and innocent as you may think. After one curious click, you might receive the ransom note with the worth of your encrypted files in Bitcoins[3]. Sadly, if you do not have data backups, chances to restore files are low. Hence, don’t forget about necessity and importance of data backups![4]

Spora, Satan, and Seige ransomware viruses started spreading

When Spora ransomware has been spotted for the first time, it was targeting Russian-speaking computer users only. Countries such as Russia, Belarus, and Kazakhstan were in the target eye of the virus. It seems that success of this illegal business encouraged hackers to upgrade malware and broaden their target field. Last week Spora virus has been noticed spreading in Austria, the Netherlands, and Saudi Arabia. At the beginning of distribution campaign, ransomware has been spreading via malicious spam emails; however, now hackers upgraded distribution technique and started using RIG-v exploit kits. What is more, Spora distinguishes from other two viruses because of its unique ransom payment system. The payment website offers few options to pay the ransom. It sets different prices for virus removal, data recovery, immunity to ransomware attacks, or offers to purchase the full-service package.

While Spora offers a wide range of services, Sage ransomware has also prepared a well-organized and polished payment website for the victims who want to redeem encrypted files. We want to point out that this activity is dangerous, and you might lose not only your files but money as well. Hackers may not recover your data even if you transfer the demanded sum of money. Sage virus is known as an updated version of CryLocker ransomware and also spreads via malicious spam emails. What is interesting, developers do not try to pretend to be from some organizations and trick victims into opening the attachment. They just send and empty message without the subject line and attaches two .zip files that include infected MS Word or .js file. Here we have to remind you that opening email attachments might be extremely dangerous, so you should never open unknown emails and files attached to them.

Last but not least is Satan ransomware. It has not only and evil name, but also evil features and purposes. This virus belongs to the group of Ransomware-as-a-Service viruses[5], so users can update the malware and launch new distribution campaigns. Nowadays many wannabe hackers would gladly use this service to learn about cyber crimes and swindle just a little bit of money. For using these services, users have to pay 30% of received ransoms. Malware can be updated and translated into various languages. This feature allows variants of Satan virus to spread worldwide and target specific countries.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions