The Spora variant was reportedly distributed during a 48-hour phishing campaign Aug. 20, during which cyberattackers sent Word documents disguised as invoices. To view the file, targets were asked to enable Windows Script File, which executed the malware.
Like typical ransomware, the Spora variant encrypts a target’s files and presents the target with a ransom note. However, it also collects browsing history and credentials from web cookies and captures a target’s keystrokes.
“By stealing credentials from victims, criminals are ensuring a double payday, because not only can they make money from extorting ransoms, they can also potentially sell stolen information to other criminals on underground forums,” according to ZDNet.
More articles on cybersecurity:
Philips to update radiation application after discovering security vulnerability
Milestone: Hacking incidents overtake insider breaches for 1st time in 2017
Google pays Uruguayan high student $10k for discovering security flaw
