http://i1-news.softpedia-static.com/images/fitted/340x180/researchers-discover-powerful-encryption-capable-ransomware-that-works-offline.jpg
Return of the "offline" ransomware
Check Point researchers are now reporting on a new ransomware family that manages to encrypt files without storing the entire decryption key locally, despite the lack of an Internet connection.
"The encryption functionality is built with several layers of encoding and encryption, including two separate levels of RSA," say Check Point security researchers. "Due to this functionality, the ransomware is able to encrypt all files locally without connecting to a C&C server."
The ransomware does this by generating a local RSA public key which it uses to encrypt files, that it then stores in the metadata of each file. When a victim wants its data decrypted, he can contact the ransomware's operators via email (added to the name of each file), and send one of the encrypted files as attachment.
Full Article