Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I downloaded the new Spora Ransomware (like a moron)


  • This topic is locked This topic is locked
1 reply to this topic

#1 mikesmithibo

mikesmithibo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 09 February 2017 - 03:56 AM

So yeah...

 

I downloaded the new Spora Ransonware like an idiot through the ole Google Chrome text pop up. I went to fill out an application from a reputable CPA network and it popped up. Not sure what I was thinking, apparently I wasn't thinking at all.

 

So the ransomware encrypted my .jpg files and most files in my compressed .zip folders. Luckily for me, the only things compressed were downloaded font files which were already extracted, I just had the .zip folders still on my PC and I believe .doc files for Microsoft Word, but I'm not even sure about those because my only indication that it's those too is because when I try to open them in Word, it gives me some message about them being created with an newer version of Word and can't open them, then asks me if I want to download (yeah I'm a little paranoid so I didn't). I deleted Word and the .doc files because they were old and useless and I was paranoid that if I download what Word is apparently asking me to, it will be that again.

 

So anyway, I had nothing backed up, no anti-virus (just malwarebytes free) and pretty much everything that would deem my files doomed for good. Yes I learned my lesson, I will forever back up files. Well I found that I had previous versions saved in Windows of the pictures, so I restored all those previous versions, put them in a folder and uploaded them all to Google Drive for now.

 

Then I went into safe mode, manually deleted everything I found that had to do with the ransomware, disabled the ransomware in my startup items and ran malwarebytes after all that. Then I downloaded HitmanPro and that found more crap to get rid of, one thing still being part of the ransomware. Then I downloaded AVG anti-virus, ran a scan and it found nothing. This is all after I made sure I restored my previous versions of my pictures that mean something to me because I had a feeling those restore points would be gone if I pre-deleted the ransomware. I spent 12 hours tackling this thing because half way through (before I ridded of the ransomware), it re-encrypted my restored files. I freaked out because I thought that was it for my files. I already restored my pictures from my only restore point. Well, my restore points were still in tact so I re-did everything all over again. I made it a success, uploaded everything to Google Drive, then got rid of the ransomware as stated above.

 

Here's the kicker, my computer is a Hackintosh. Hopefully somebody can give me some insight about my concern.

 

Recently I haven't been able to boot into my Mac side of the Hackintosh (this is a totally separate issue from a previous time, still trying to tackle it but I'm not too worried because I know the hard disk is okay). BUT, I really wanted to access some files the other day and found out I can access my Mac partition through Windows using a program that runs in the background called Paragon. I installed that before all this happened and was able to access those files. Problem is, that drive is exposed to my Windows side so before doing all the work I stated above, I noticed that my files from the Mac partition (again, just .jpg for the most part) were encrypted as well. Sneaky ransomware I tell ya. Well of course I tried to restore those but Windows told me there's no restore point for those (obviously compatibility issues, hopefully I can restore them in OSX when I get in there).

 

So what I was worried about really was keeping my Windows side safe, so I deleted Paragon so the drive wasn't exposed to my Windows partition anymore. I unplugged that drive as well.

 

Well now Windows is peachy perfect. Clean, running fast and protected.

 

Now here's the question after my drawn out story(sorry). Do you guys think if I reinstall Paragon to access my Mac partition and the Ransomware is still active in that drive that it will transfer back over to my Windows partition? Or should I play it safe and try to just boot into OS X like normal and tackle the Ransomware that way so Windows stays safe.

 

Any risk to this? Any insight would be awesome. Thank you good people!

 

P.S. Spora blocked me from their website because I crap talked them in the live chat. I informed people they didn't need to pay and there is usually always a way and gave them my process of getting around it. They deleted my messages and blocked me. BUT, I was able to log back in with the key they gave me from my phone to see what people said but I was at my "message limit" so I couldn't say anymore and like I said, my messages were deleted. I have screenshots of me crap talking them. I also have a screenshot of the original pop up that started this mess.



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:48 PM

Posted 09 February 2017 - 07:47 AM

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users