Good afternoon.
This morning I found that my laptop had been infected by the SPORA Ransomware virus. I have googled it in order to discover what it is, where it might have come from, and how to deal with it.
I recognised comments from others who became infected after a normal website popped-up a bogus missing-font-in-Chrome report, as that happened to me last night just before I closed down and went to bed - obviously the cause.
I have now read of the various approaches that can be taken, all following the same general path: 1) Remove Spora either manually or with a removal tool, 2) Endeavour to replace/recover the encrypted files via recovery tools, backup options, shadow volume copies, 3) Verify the removal.
I am mighty angry because this nasty little process encrypts documents/files which presently can not be reversed other than by the decryption key itself, and also because the lowlifes that are doing this present a price-list of options for the money they are extorting!
"Would you like us to extort $79 Dollars for an unlock but no files back, or $50 for one particular file that your family treasures, $300 for the whole deal, and maybe just another $20 as a bargain offer so we don't include you all over again in the next round of extortions?"
Unbelievable!! Except that it is right there!!
Anyway ...
I am not computer-savvy enough to jump right in with confidence that I will have dealt with all the small-points along the way as well, which for example could leave a door open for it to return. So I should be very grateful if someone would take me through the steps of dealing with the infection.
I understand that decryption however is not an option, just removal.
I do backup however, usually monthly, so from an initial quick check I should be able to replace quite a lot of what is encrypted. In the almost-month since my last backup however there has been a lot of new stuff I can't get back .. all kinds of Christmas things/photos for the family, an amount of personal correspondence etc.
I am a writer and also a composer, and by far the biggest loss is whole sections of writing that will take me a lot of time and trouble to try redoing but I won't capture again precisely the same. Even more importantly still, there are pieces of music that I was very excited at having recently completed that it is simply impossible for me to capture again!
So would someone please help me to get this thing off my computer completely and reliably, and I will have to do the best I can to replace encrypted files from my backups.
I do have one very important question to ask: I keep my work separate by using different external drives for each project. SPORA has therefore infected not only my computer's hard drive but also the files/documents on the external drive that was connected at the time.
My question is, if I connect this portable drive to a clean computer to carry on, will the infection spread as a result and make that one the same? This is very important as I want to get back on and try rebuilding the lost music somehow, but don't know if the portable drive is safe or just waiting to burn whatever it is connected to ... please can you advise in that regard right at the start so I know if I can safely access the work in files there and quickly carry on? I'd be very grateful indeed to know!!
And finally regarding the portable drive, I know it is infected for three reasons:
- firstly because text files and photos on it are unopenable in the same way
- secondly because I have noticed random new files in various folders like the html file on the desktop
- and thirdly - because someone presumably thought it was funny - SPORA has also replaced the thumbnail image associated with a video (like the album-art that you see when playing an mp3) by a porn photo. I take videos of dance-practise for my ballet score, I also video performances and more to review with the dancers and musicians ... and every one of those and more is now represented by a porn picture on the player!
I have atached the required "FRST" and "Additons" documents, and any guidenace from here would be most kind, Thanks!
Howard
This morning I found that my laptop had been infected by the SPORA Ransomware virus. I have googled it in order to discover what it is, where it might have come from, and how to deal with it.
I recognised comments from others who became infected after a normal website popped-up a bogus missing-font-in-Chrome report, as that happened to me last night just before I closed down and went to bed - obviously the cause.
I have now read of the various approaches that can be taken, all following the same general path: 1) Remove Spora either manually or with a removal tool, 2) Endeavour to replace/recover the encrypted files via recovery tools, backup options, shadow volume copies, 3) Verify the removal.
I am mighty angry because this nasty little process encrypts documents/files which presently can not be reversed other than by the decryption key itself, and also because the lowlifes that are doing this present a price-list of options for the money they are extorting!
"Would you like us to extort $79 Dollars for an unlock but no files back, or $50 for one particular file that your family treasures, $300 for the whole deal, and maybe just another $20 as a bargain offer so we don't include you all over again in the next round of extortions?"
Unbelievable!! Except that it is right there!!
Anyway ...
I am not computer-savvy enough to jump right in with confidence that I will have dealt with all the small-points along the way as well, which for example could leave a door open for it to return. So I should be very grateful if someone would take me through the steps of dealing with the infection.
I understand that decryption however is not an option, just removal.
I do backup however, usually monthly, so from an initial quick check I should be able to replace quite a lot of what is encrypted. In the almost-month since my last backup however there has been a lot of new stuff I can't get back .. all kinds of Christmas things/photos for the family, an amount of personal correspondence etc.
I am a writer and also a composer, and by far the biggest loss is whole sections of writing that will take me a lot of time and trouble to try redoing but I won't capture again precisely the same. Even more importantly still, there are pieces of music that I was very excited at having recently completed that it is simply impossible for me to capture again!
So would someone please help me to get this thing off my computer completely and reliably, and I will have to do the best I can to replace encrypted files from my backups.
I do have one very important question to ask: I keep my work separate by using different external drives for each project. SPORA has therefore infected not only my computer's hard drive but also the files/documents on the external drive that was connected at the time.
My question is, if I connect this portable drive to a clean computer to carry on, will the infection spread as a result and make that one the same? This is very important as I want to get back on and try rebuilding the lost music somehow, but don't know if the portable drive is safe or just waiting to burn whatever it is connected to ... please can you advise in that regard right at the start so I know if I can safely access the work in files there and quickly carry on? I'd be very grateful indeed to know!!
And finally regarding the portable drive, I know it is infected for three reasons:
- firstly because text files and photos on it are unopenable in the same way
- secondly because I have noticed random new files in various folders like the html file on the desktop
- and thirdly - because someone presumably thought it was funny - SPORA has also replaced the thumbnail image associated with a video (like the album-art that you see when playing an mp3) by a porn photo. I take videos of dance-practise for my ballet score, I also video performances and more to review with the dancers and musicians ... and every one of those and more is now represented by a porn picture on the player!
I have atached the required "FRST" and "Additons" documents, and any guidenace from here would be most kind, Thanks!
Howard
