[SOLVED] Ransomware, How can it work without an internet connection?

_dawn_chorus_

Honorable
Aug 30, 2017
558
56
11,090
I was just reading an article about "eternalblue" and how it has been used as ransomware to cripple hospitals and local government agencies. I am completely ignorant to how something like that would work but in my mind if you had no internet connection, it couldn't. If you were to get the ransomware say on a laptop, and all your files were on the local drive, would the badies ransomware not cease to work once that computer went offline? Any service as far as I know that takes remote access of your computer needs an internet connection. Worst case scenario your computer is basically bricked and no one has your files, unless they somehow download them to their own cloud/local drive first.
So how does that work?
 
Solution
By far the most common way of becoming infected is through the internet (infected download or email or whatnot). Once the PC is infected, the malware can be disconnected from command servers but if it's already infected the malware will still work in the background doing whatever it's meant to do and wait to re-connect. So a ransomware can still work (encrypting local files doesn't require network resources).
By far the most common way of becoming infected is through the internet (infected download or email or whatnot). Once the PC is infected, the malware can be disconnected from command servers but if it's already infected the malware will still work in the background doing whatever it's meant to do and wait to re-connect. So a ransomware can still work (encrypting local files doesn't require network resources).
 
Solution

popatim

Titan
Moderator
EternalBlue is how the systems are breached, the code that then downloads & runs, usually the main virus load itself, can be anything the attacker desires. So yes, if you don't have internet then EternalBlue can't breach your system.

But if you connect an already infected device or open an infected file (not always an executable) your system will very likely be infected as well because without internet, your Antivirus isn't likely to be updated either.
 
We are talking all theoretical aren't we. Very rare a computer have zero access to the outside world, but sure it can be designed that way. Is been done. But if it was that easy why the government, with all its resources, are worried about the Russians?

Malwares, keep backups, and I don't mean the lazy automatic way, I mean the kind that you do manually, and when done, u actually unplug it and put it away.
 
Last edited: