A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a false flag.

Regarding Sicarii’s broken decryption process, researchers said that “during execution, the malware regenerates a new RSA key pair locally, uses the newly generated key material for encryption, and then discards the private key.”