Spora ransomware has been active since the beginning of this year. Typically, it is distributed through spear phishing and watering hole attacks, but the recently discovered variant spreads through the HoeflerText pop-ups on infected websites in EITest campaigns.
Even though Spora ransomware is not new, the latest modification, when it was first discovered, was only blocked by a limited number of anti-malware programs. This could be due to the fact that the new build is using the polymorphic encryptor to create new copies of itself for further spreading and extra code obfuscation. It also has a slightly changed payload.