New ransomware threat keeps decrypt key remote from infected hardware

Cyber security firm CheckPoint has uncovered a new strain of ransomware which does not store the decrypt key locally on the device, and does not require an internet connection.

Currently deployed by Russian hackers, the ominous development has serious implications for users.

The decryption key cannot be discovered locally on the machine and used to regain control without paying the ransom.

In addition, the ransmoware does not require an internet connection and communication with the attacker’s command and control structures to initiate the encryption and display the ransom message.

The firm says in a blog post: "This means that there is no key exchange between the infected machine and the attacker, which eliminates one option of stopping the attack."

The researchers say they have found references to the ransomware on Russian internet forums. The first reference was in June 2014, with 11 new versions reported since then.

The blog concludes: "It is not feasible to try to decrypt the remote RSA encryption without the remote private key. The necessary time frame would be approximately 2 years and would involve using many computers. Therefore, paying the ransom to get the decryption application and the decryption keys from the attacker seems to be the only way to recover the encrypted files."

Read the full Checkpoint blog.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing