The encrypted file is contained in a Gauss module that attaches itself to USB drives. When plugged in, the malware collects a variety of system information and uses a cryptographic hash of that data as a decryption key. They key is the result of the system data being passed through the MD5 algorithm, and its hash in turn being passed through the same algorithm 10,000 more times, making it infeasible for researchers to deduce the initial value needed to unlock the malicious code.
Researchers believe the mechanism allows Gauss to remain dormant except on a specific system that was targeted in advance. Stuxnet, which was used to disrupt Iran’s nuclear program, contained a similar mechanism that targeted computer systems at the Natanz Uranium enrichment facility, although Stuxnet didn’t use encryption to conceal its contents.