Spora Ransomware
Spora is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. First observed in the wild on January 1, 2017, it has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family: Spora
- First Seen: January 1, 2017
How Spora Ransomware Works
Targeted Files
- https://www.hybrid-analysis.com/sample/07e2ef1fcbeb6514b232f8a4d36272404e767ba797d3cba97cf27961861a6b96?environmentId=100
- https://app.any.run/tasks/1f1e68fa-59ce-4856-85ef-40d2ce4d09f8/
- 2637247ad66e6e57a68093528bb137c959cdbb438764318f09326fc8a79bdaaf -> contains VM and other checks
Ransom Note and Payment Demands
After encrypting files, Spora displays ransom notes demanding payment for file recovery:
/^README_\w{8}\.hta$/
- Ransom message: notes/README_sTlLoTpq.hta
- Note locations: EveryFolder
/^HELP_[A-Za-z0-9]{8}\.html$/
- Note locations: EveryFolder
/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}\.HTML$/
- Ransom message: notes/USC31-0AFRT-XHTZT-AATXE-GTAZY.HTML
- Note locations: EveryFolder
/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}\.HTML$/
- Ransom message: notes/USAF2-7DZTZ-TZTXF-THZTZ.HTML
- Note locations: EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with Spora ransomware:
About This Analysis
This Spora ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Spora.
Last updated: July 30, 2025