November 5, 2015

New ransomware threat keeps decrypt key remote from infected hardware

News: Check Point has found a new attack mode.

By Charlotte Henry

Cyber security firm Check Point has uncovered a new strain of ransomware which does not store the decrypt key locally on the device, and does not require an internet connection.

Currently deployed by Russian hackers, the ominous development has serious implications for users.

The decryption key cannot be discovered locally on the machine and used to regain control without paying the ransom.

In addition, the ransomware does not require an internet connection or communication with the attacker’s command and control structures to initiate the encryption and display the ransom message.

The firm says in a blog post: "This means that there is no key exchange between the infected machine and the attacker, which eliminates one option of stopping the attack."

The researchers say they have found references to the ransomware on Russian internet forums. The first reference was in June 2014, with 11 new versions reported since then.

The blog concludes: "It is not feasible to try to decrypt the remote RSA encryption without the remote private key. The necessary time frame would be approximately 2 years and would involve using many computers. Therefore, paying the ransom to get the decryption application and the decryption keys from the attacker seems to be the only way to recover the encrypted files."

Read the full Check Point blog.
