No C&C server needed: Russia menaced by offline ransomware

Miscreants have cooked up a new strain of ransomware that works offline and so might be more resistant to law-enforcement takedown efforts. The ransomware family (identified by various names by antivirus firms) manages to encrypt files on infected Windows PCs without storing the entire decryption key locally – and …

  1. hplasm Silver badge
    Headmaster

    Eek!

    "Check Point reached out..."

    Don't. Just stop.

  2. Snivelling Wretch

    Amen to that, brother!

  3. allthecoolshortnamesweretaken

I thought the Russian method of offline ransom operations involved a couple of guys (of the no-neck variety plus one smart guy) coming round for a glass of tea and a chat.

    1. Tenacal

"I thought the Russian method of offline ransom operations involved a couple of guys (of the no-neck variety plus one smart guy) coming round for a glass of tea and a chat."

      A barbaric method.

      Tea? In a glass? Get out.

      1. Dan Wilkie

It's true, when I was last in St Petersburg they gave me "tea" in a glass cup. Worst cup of tea ever, I've never been so glad to jump back on a BA flight!

    2. Swarthy Silver badge

"I thought the Russian method of offline ransom operations involved a couple of guys (of the no-neck variety plus one smart guy)..."

And Kaspersky has form dealing with that kind of ransom as well.

    3. chivo243 Silver badge

      ... a glass of tea and a chat."

Let me finish that for you: ...and a pillowcase of doorknobs, a carpet and a bag of lime... and the trunk/boot on their Lada open. Also two lookout guys at each end of the street. Not that I've seen this kind of thing...

  4. auburnman
    FAIL

    "No internet connection needed"

    How do you justify saying no internet connection needed in the title? It looks like the malware would most likely be contracted online and the ransom payoff would be done online just like its predecessors in the field of malicious encryption. Was 'No C&C server needed' not good enough clickbait?

    1. Mephistro Silver badge

      Re: "No internet connection needed"

      "It looks like the malware would most likely be contracted online and the ransom payoff would be done online just like its predecessors"

      I don't think you are getting the point.

With this method, the miscreants control the business through free, temporary and totally* anonymous (even for state agents!) email accounts. They can request ransom in BTC just like everyone else.

And there are no servers to be seized to recover the keys or help identify the miscreants.

*Note: with the help of the TOR network or similar.

      1. auburnman

        Re: "No internet connection needed"

        No, I understand the method, and how worrying it is that there are no servers to trace. I was moaning about the article title, which has since been mysteriously edited...

  5. Anonymous South African Coward Silver badge

    <insert bad word here>

    not nice!

    was victim to cryptolocker once, but backups saved the day!

    not in the mood for a repeat of that!

  6. This post has been deleted by its author

  7. Anonymous Coward

    The sha256 hash is 1caf864c9b28b4f72a8dea5db128aeae9cd79d1063baa86c0d383d67d0fdacb5 but malwr dot com isn't sharing the file. I am curious if it generates new email addresses for each user or every x user. I suppose that at some point it has to send the key out somewhere.

    1. Anonymous Coward

OK, I found a sample that is shared on malwr:

      sha256:

      867b30f389c0bb3845ff218ee76c3a1ce62ac46028efc8aecc36ee2450f993f0

      and

      9dfb4b5bc025f6534ec85200956790ae70ab65b84921471447a43814e487c955
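The two posts above share SHA-256 hashes of samples. From the defender's side, the obvious use of such values is an indicator sweep: hash the files you care about and compare against the posted set. The following is an added example, not code from the thread or from any vendor; the three hashes are the ones quoted in the comments, while the sample files (and the extra "constructed" indicator used to exercise a hit) are made up for the demonstration.

```python
import hashlib
from typing import Dict, Iterable, List, Set, Tuple

# SHA-256 values as posted in the comments above (page-supplied, not verified here).
POSTED_HASHES = {
    "1caf864c9b28b4f72a8dea5db128aeae9cd79d1063baa86c0d383d67d0fdacb5",
    "867b30f389c0bb3845ff218ee76c3a1ce62ac46028efc8aecc36ee2450f993f0",
    "9dfb4b5bc025f6534ec85200956790ae70ab65b84921471447a43814e487c955",
}


def normalise_iocs(values: Iterable[str]) -> Set[str]:
    """Lower-case and strip each indicator; forum posts often carry stray
    whitespace or mixed case, and a sweep must not miss a hit because of that.
    Anything that is not a 64-hex-character SHA-256 is dropped."""
    out = set()
    for v in values:
        v = v.strip().lower()
        if len(v) == 64 and all(c in "0123456789abcdef" for c in v):
            out.add(v)
    return out


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory blob, as lower-case hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file on disk, read in chunks so large files do not
    have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(files: Dict[str, bytes], iocs: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (name, sha256) for every blob whose hash is in the indicator set.
    `files` maps a display name to the file's bytes."""
    wanted = normalise_iocs(iocs)
    hits = []
    for name, data in files.items():
        digest = sha256_hex(data)
        if digest in wanted:
            hits.append((name, digest))
    return hits


def sweep_paths(paths: Iterable[str], iocs: Iterable[str]) -> List[Tuple[str, str]]:
    """Same as sweep(), but for paths on disk."""
    wanted = normalise_iocs(iocs)
    return [(p, d) for p in paths if (d := sha256_file(p)) in wanted]


if __name__ == "__main__":
    # Constructed sample files: neither matches a posted hash, and one is made
    # to match an indicator we add ourselves so the hit path is exercised.
    sample_files = {
        "benign.txt": b"just a text file",
        "suspect.bin": b"hello",
    }
    constructed_ioc = sha256_hex(b"hello")  # constructed indicator, not from the page
    print(sweep(sample_files, POSTED_HASHES))                     # []
    print(sweep(sample_files, POSTED_HASHES | {constructed_ioc}))  # [('suspect.bin', ...)]
```

Hash-based matching is exact by design: a single changed byte in a sample yields a different digest, so a list like this catches only the specific files that were posted, not the family. It is still worth running over mail quarantines and download directories, because that is exactly where an identical copy tends to turn up.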


Biting the hand that feeds IT © 1998–2019