The Spydr Ransomware is a threatening malware designed to lock specific files and render them inaccessible and unusable. The threat achieves its goal via an encryption routine with a strong cryptographic algorithm. The attackers then extort their victims for money by promising to send the required decryption key and software tool after getting paid. Analysis has determined that the Spydr Ransomware is a variant of a previously detected threat named Babuk.
As part of its encryption process, the threat will append '.spydr' to the names of all affected files as a new file extension. A lengthy ransom note will be delivered to compromised systems as a text file named 'RESTORE FILES.txt'.
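A triage sketch for scoping an infection from the two artifacts named above, added here as an example and not taken from the original analysis. The function names `scan` and `summarise`, the case-insensitive matching, and the use of file modification times as a rough timeline are assumptions of this example.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_EXT = ".spydr"         # extension named on this page
NOTE_NAME = "restore files.txt"  # note name from this page, compared lower-cased (assumption)

def scan(root):
    """Walk root read-only; return ({dir: {"encrypted": n, "note": bool}}, earliest mtime)."""
    hits = defaultdict(lambda: {"encrypted": 0, "note": False})
    earliest = None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"] += 1
            else:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name),
                                follow_symlinks=False).st_mtime
            except OSError:
                continue  # unreadable entry: counted, but no timestamp
            if earliest is None or mtime < earliest:
                earliest = mtime
    return dict(hits), earliest

def summarise(root):
    """Condense scan() into figures for an incident ticket."""
    hits, earliest = scan(root)
    return {
        "affected_directories": len(hits),
        "encrypted_files": sum(h["encrypted"] for h in hits.values()),
        # A note without encrypted files beside it may be a false positive,
        # so only directories containing both are counted as confirmed.
        "confirmed_directories": sum(
            1 for h in hits.values() if h["note"] and h["encrypted"]),
        # Earliest artifact mtime approximates when encryption began.
        "earliest_artifact_utc": (
            datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
            if earliest is not None else None),
    }

if __name__ == "__main__":
    import json, sys
    print(json.dumps(summarise(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

The scan only reads directory listings and metadata, so it leaves the encrypted files unmodified.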
Ransom Note's Overview
According to the note, affected users will have to pay a ransom in Bitcoin if they want to receive the decryptor tool from the attackers. The exact sum demanded is not mentioned, but victims will apparently receive a discount if they establish contact within the first two days of the ransomware infection. The note provides two email addresses that may be used for communication: 'email@example.com' and 'firstname.lastname@example.org'.
As part of their message, affected users are allowed to send two files that will be unlocked for free and returned. The files, however, must have simple extensions (jpg, xls, doc, but no databases) and should be less than 1 MB in size.
The full text of the note is:
Q: Whats Happen?
A: Your files have been encrypted and now have the "spydr" extension. The file structure was not damaged, we did everything possible so that this could not happen.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.
Q: What about guarantees?
A: To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
Q: How to contact with you?
A: You can write me to: email@example.com or firstname.lastname@example.org
Q: How will the decryption process proceed after payment?
A: After payment i will send exe file that is the decryptor, you need just to run it. It universal, just one file for all systems.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
A: Discount is made only if you contacted us in 2 days after encryption!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data
YOUR ID IS!