Recently, ransomware removal experts were in for a surprise as they found Spider ransomware lurking again in the security circles. Cybercriminals associated with this ransomware give a time limit of 96 hours to their victims for paying a ransom amount against returning access to their encrypted files. Now, the question emerges about what makes Spider ransomware distinct from other cyber threats?
Similarities and Distinctness
Initially, ransomware removal experts reported that its working is similar to other ransomware attacks. This includes containing Microsoft Office documents with malicious components. These documents are sent through spam e-mails as part of a sophisticated phishing campaign. Additionally, a script is also implemented to infect victims’ system with a malicious payload that applies encryption on the data stored in the hard disk.
Afterward, cybercriminals associated with Spider ransomware drop a ransom note and demand Bitcoin in return for a key. Cybercriminals claim that only through the use of this key, a victim will be able to decrypt their files. However, ransomware removal experts have discouraged netizens to trust the machinations of these hackers.
Interestingly, ransomware removal experts did find a distinctive property in the modus operandi of Spider. It was noted that the Microsoft Office files used by the ransomware also target businesses and users who rely on cloud storage. In simpler words, this refers to the possibility of a ransomware to infect users by downloading documents from a cloud provider too.
This detail should not worry users much as cloud storage providers usually utilize effective security measures for their clients and their Managed Detection Response strategies are able to predict and deal with a cyber attack properly. However, in order to increase the speed of their operations, a few cloud providers minimize the scanning of all documents which can increase the possibility of a ransomware attack infecting the files of their clients.