Security researchers have found a new ransomware program dubbed Spora that can perform strong offline file encryption and brings several 'innovations' to the ransom payment model.
The malware has targeted Russian-speaking users so far, but its authors have also created an English version of their decryption portal, suggesting they will likely expand their attacks to other countries soon.
Spora stands out because it can encrypt files without having to contact a command-and-control (CnC) server and does so in a way that still allows every victim to have a unique decryption key.
Traditional ransomware programs generate an AES (Advanced Encryption Standard) key for every encrypted file and then encrypts these keys with an RSA public key generated by a CnC server.
Public key cryptography like RSA relies on key pairs made up of a public key and a private key. Whatever file is encrypted with one public key can only be decrypted with its corresponding private key.