New strain of Locky ransomware can encrypt files even when server is offline


Security researchers are warning of a new strain of the Locky ransomware — the malware responsible for crippling networks at Methodist Hospital in Henderson, Ky., and King's Daughters' Health in Madison, Ind. — that can start encrypting files on a server even when the computer is offline, reports PC World.

Malware of this kind typically works by reaching a victim server, encrypting the files and generating two encryption keys for the infected computer, one public and one private. The malware then reports back to the attacker's server and hands over the public encryption key. The private key is what can decrypt the files once a user pays a ransom, and it never leaves the attacker's server, according to the report.

So, if a ransomware virus is blocked by a firewall or cannot reach the attacker's command-and-control server because the infected computer has been taken offline, the malware is often rendered ineffective, according to the report.

However, the new strain of Locky doesn't need to make contact with the attacker's command-and-control server to start encrypting files.

While this poses a new threat, security researchers report that the malware encrypts files using a predefined public key that is the same for every offline victim. Because the key is shared, if one offline victim pays the ransom, the decryption key it receives will work for any other offline victim as well, according to the report.

