Friday, 6 November 2015

Ransomware Encrypts Offline Computers

In the case of a ransomware infection, it may help to disconnect from the Internet to prevent files from being encrypted, but researchers have discovered a variant that also works on computers that are offline. The ransomware is aimed at Russian Internet users.

The ransomware encrypts files and changes the wallpaper of the computer. "Although most ransomware requires an Internet connection and a successful connection with the C&C servers before encryption begins, this one does not require an Internet connection to encrypt files and show the hostage message," said security company Check Point.

According to the researchers, this means that no encryption key is exchanged between the infected computer and the attacker, which removes any opportunity to stop the attack. The ransomware demands a ransom of 290 euros on the first day of the infection. A day later, victims must already pay 360 euros for the decryption key. The encryption uses two levels of RSA encryption. As mentioned, the ransomware encrypts the files locally without first contacting the C&C server.

To decrypt the files, the attacker must first receive a file from the infected machine. It is not feasible to decrypt the RSA encryption without the private key of the attacker. According to Check Point, this would take an estimated two years and require a lot of computers. Paying the ransom is therefore the only way to recover the encrypted files, according to the company. Although the security company has only now reported on the ransomware, it appears to have existed since June last year and to be active mainly in Russia.
