Security researchers have found a new ransomware program dubbed Spora that can perform strong offline file encryption and brings several innovations to the ransom payment model.
The malware has targeted Russian-speaking users so far, but its authors have also created an English version of their decryption portal, suggesting they will likely expand their attacks to other countries soon.
Traditional ransomware programs generate an AES (Advanced Encryption Standard) key for every encrypted file and then encrypt these keys with an RSA public key generated by a command-and-control (C&C) server.
Most ransomware programs contact a command-and-control server after they're installed on a computer and request the generation of an RSA key pair.
This reliance on a server gives defenders a way to interrupt the attack: for example, if the server is known by security companies and is blocked by a firewall, the encryption process doesn't start.
Some ransomware programs can perform so-called offline encryption, but they use the same RSA public key that's hard-coded into the malware for all victims.