Researchers Discover Powerful Encryption-Capable Ransomware That Works Offline

  • 4 November 2015
By Catalin Cimpanu    4 Nov 2015
 
 

Return of the "offline" ransomware

 
Check Point researchers are now reporting on a new ransomware family that manages to encrypt files without storing the entire decryption key locally, despite the lack of an Internet connection.
 
"The encryption functionality is built with several layers of encoding and encryption, including two separate levels of RSA," say Check Point security researchers. "Due to this functionality, the ransomware is able to encrypt all files locally without connecting to a C&C server."
 
The ransomware does this by generating a local RSA public key, which it uses to encrypt files and which it then stores in the metadata of each file. When a victim wants their data decrypted, they can contact the ransomware's operators via email (the address is added to the name of each file) and send one of the encrypted files as an attachment.
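Because the operators' address ends up in the name of every encrypted file, a file listing can be checked for directories where many names share one e-mail-shaped token. The sketch below is an added example, not code from the article or from Check Point; the naming pattern, the thresholds and all sample paths are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from pathlib import PurePosixPath

# Assumption: the article does not give the exact naming pattern, so match any
# e-mail-shaped token. The key is deliberately lossy (dot-free local part, two
# domain labels) so an appended extension does not split the cluster.
ADDR_RE = re.compile(r"[A-Za-z0-9_%+-]+@[A-Za-z0-9-]+\.[A-Za-z0-9-]+")

def flag_directories(paths, min_files=3, min_ratio=0.5):
    """Return {directory: address key} for directories where at least
    min_files files, and at least min_ratio of all files in that directory,
    carry the same address key in their name."""
    totals = Counter()
    hits = defaultdict(Counter)
    for raw in paths:
        p = PurePosixPath(raw)
        directory = str(p.parent)
        totals[directory] += 1
        # One vote per file, even if the token appears twice in the name.
        for key in {m.group(0).lower() for m in ADDR_RE.finditer(p.name)}:
            hits[directory][key] += 1
    flagged = {}
    for directory, counter in hits.items():
        key, count = counter.most_common(1)[0]
        if count >= min_files and count / totals[directory] >= min_ratio:
            flagged[directory] = key
    return flagged

# Constructed sample listing (not real indicators).
SAMPLE = [
    "/srv/share/finance/q3.xlsx.operator@example.test.locked",
    "/srv/share/finance/budget.docx.operator@example.test.locked",
    "/srv/share/finance/notes.txt.operator@example.test.locked",
    "/srv/share/finance/readme.txt",
    # Exported contact cards: addresses in names, but all different.
    "/srv/share/contacts/alice@example.org.vcf",
    "/srv/share/contacts/bob@example.org.vcf",
    "/srv/share/contacts/carol@example.net.vcf",
]

if __name__ == "__main__":
    for directory, key in flag_directories(SAMPLE).items():
        print(f"{directory}: many file names share {key}")
```

The ratio threshold keeps folders of legitimately address-named files, such as exported contacts, from being flagged unless one address dominates.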
 
