Spark Ransomware


The Spark ransomware is a newly discovered strain of file-encrypting malware. There is no hard evidence of what larger ransomware family this new strain belongs to.

The ransomware behaves like most other examples of this type of malware. Spark ransomware would encrypt a large number of files on the victim system, rendering them impossible to open and read. The encryption process leaves the data inside the files in a state which makes it impossible to read normally.

The encryption process, once finished, appends a new ".Spark" extension past the original one. This means that a file formerly called "document.txt" will transform into "document.txt.Spark" once the ransomware has scrambled it.

There is no specific ransom demand named in the ransom note. The note itself is displayed in a pop-up window once encryption finishes.

The full text of the note is as follows:

Spark Ransomware

Whats wrong with my files?

Your files have been encrypted and you are now a victim of Spark ransomware!

You can still recover your files, but you will have to pay for a special key that allows you to decrypt the files.

You can buy the decryption key from our email address. Just write to our email and we will send you instructions.

Be sure not to disable or modify encrypted files! If you do, your files will not be recoverable! Don't turn off your computer either!



Payment will be made by appointment at the email address provided.

Send us all the information about what happened and then send us the amount in bitcoin.

You must have a bitcoin address. If you do not know how to get the bitcoin address click on the "Don't have a bitcoin address".

notvalidemailadress dot ransom at gmail dot com

There is also a live counter that is ticking down, displayed inside the pop-up containing the ransom note. Supposedly, beyond this point, encryption will be impossible as the ransomware gang would not cooperate and send the tools to decrypt files, assuming those tools exist in the first place.

Paying ransom and contacting cybercriminals to negotiate with them is never a good choice. Backups remain the one reliable way to restore files encrypted by ransomware similar to the Spark ransomware.

May 11, 2022