The year 2017 is off to a bad start now that the ransomware strain Spora has come up with a new type of “freemium” model. A new trend in the malware business emerged late last year, allowing a “try before you buy” feature for specific types of ransomware. Spora launched a total of four payment plans to ensure criminals will spread the malicious software on a large scale.

The New Spora Ransomware Freemium Model

It is not uncommon to see ransomware providers offer a “trial period” before other criminals purchase the toolkit and distribute it. In most cases, one or two random files can be uploaded to a server, which encrypts the uploaded data. Using this method, crooks can determine how the ransomware works, and how effective it will be once deployed.

Spora takes this freemium model to the next level by adding three other options to the table. Their latest business model allows criminals to decrypt two files for free. Additionally, they can also decrypt a few files for US$30, or have the ransomware removed completely for US$20. Yes, it costs cheaper to remove the ransomware rather than decrypting a few files.

Moreover, it is also possible to obtain immunity from this ransomware strain for the small fee of US$50. The advanced plan offers a full restore of the infected machine for US$120. Quite an intriguing strategy, to say the least. This new plan also goes to show how criminals continue to up their game whenever possible.

For the time being, it remains unclear what these new freemium plans will entail exactly. Even though promises are made to do specific things, one can never be sure if they will effectively take place. Establishing a trust relationship with people who do harm to your device and then want to be your friend as long as you pay them is rather difficult.

That being said, the options to provide immunity from Spora as well as the option to completely clean a system, are better than nothing. Although most people still struggle with the concept of making data backups, these additions to the freemiums may indicate criminals are struggling to earn money through traditional means right now.  

Spora is always distributed via email campaigns, although new forms of distribution may pop up in the coming months. Right now, the ransomware hides inside an email attachment, mostly wrapped as an HTA file within a ZIP archive. This HTA file runs a VBScript program which executes as a Javascript file and triggers the payload download.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.