CryptoMix Variant Can Communicate Offline

A ransomware strain that lets its operators work offline has been spotted in the wild.

The malware is a new variant of CryptoMix, dubbed 'Error', which appends an extension to encrypted files and carries out its work with no network communication.

BleepingComputer first uncovered Error, so called because the extension it appends reads “.ERROR”. BleepingComputer also found that it contains 11 public RSA-1024 encryption keys, which are used to encrypt the AES key that in turn encrypts a victim's files. This allows the ransomware to work completely offline.

While the encryption methods are otherwise unchanged, the variant also carries a new ransom note.

Because it runs independently, with no need to communicate back to command-and-control servers, it is harder to spot with traditional tools.
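Since the key material travels inside the binary rather than arriving from a command-and-control server, one host-side triage check is to look for embedded RSA public keys and report their sizes. The following is an added example, not code from the original article or from any analysis of the sample; it assumes the keys are stored as raw PKCS#1 DER and runs over a constructed byte string, not a real malware sample.

```python
"""Added example: find PKCS#1 RSAPublicKey blobs (DER SEQUENCE { INTEGER n, INTEGER e }) in a file and
report each modulus size. Assumes raw DER; a PEM block would need base64-decoding first."""

def _read_tlv(buf, pos):
    """Parse one DER tag/length/value at pos -> (tag, value, end), or None if malformed."""
    if pos + 2 > len(buf):
        return None
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            return None
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        return None
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(buf, pos):
    """Return (modulus_bits, exponent) if an RSAPublicKey starts at pos, else None."""
    outer = _read_tlv(buf, pos)
    if outer is None or outer[0] != 0x30:  # SEQUENCE
        return None
    n_tlv = _read_tlv(outer[1], 0)
    if n_tlv is None or n_tlv[0] != 0x02:  # INTEGER modulus
        return None
    e_tlv = _read_tlv(outer[1], n_tlv[2])
    if e_tlv is None or e_tlv[0] != 0x02 or e_tlv[2] != len(outer[1]):  # INTEGER exponent, nothing after
        return None
    n, e = int.from_bytes(n_tlv[1], "big"), int.from_bytes(e_tlv[1], "big")
    if n.bit_length() < 512 or n % 2 == 0 or e < 3 or e % 2 == 0:  # reject random bytes that happen to parse
        return None
    return n.bit_length(), e

def find_rsa_keys(blob):
    """Try every SEQUENCE tag byte; return [(offset, modulus_bits, exponent), ...]."""
    return [(off, *key) for off in range(len(blob))
            if blob[off] == 0x30 and (key := parse_rsa_public_key(blob, off))]

# Constructed sample: DER assembled by hand around a made-up 1024-bit odd number (not a real RSA modulus).
def _der_len(n):  # DER length encoding; n < 256 is enough for this sample
    return bytes([n]) if n < 0x80 else bytes([0x81, n])
def _der_int(v):  # a leading 0x00 byte keeps the INTEGER positive when its top bit is set
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body
def build_rsa_public_key(n, e):
    return b"\x30" + _der_len(len(inner := _der_int(n) + _der_int(e))) + inner
FAKE_N = (1 << 1023) | 0x1234567
SAMPLE = (b"MZ" + b"\x00" * 8 + build_rsa_public_key(FAKE_N, 65537)
          + b"ERROR" + build_rsa_public_key(FAKE_N | (1 << 100), 3))
```

Legitimate software also embeds RSA public keys (for signature verification, for instance), so a hit is a triage signal to inspect rather than a verdict; a cluster of same-size keys in an otherwise unremarkable executable is what stands out.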

“The real lesson is that cyber-attacks - whether malware, ransomware, or otherwise - are getting more nefarious,” said Ken Spinner, vice-president of field engineering at Varonis, via email. “They’re leveraging new exploits, spreading further and faster, affecting more victims, and causing significant and lasting damage.”

He added: “New variants continue to be introduced at a rapid pace, because it’s an approach that’s working for criminals. Why reinvent the wheel when minor modifications of existing malware will do? It’s a small investment that brings the promise of a big payout.”
