Values can be derived from target specific elements and used to generate a decryption key for an encrypted payload. Target-specific values can be derived from specific network shares, physical devices, software/software versions, files, joined AD domains, system time, and local/external IP addresses. By generating the decryption keys from target-specific environmental values, environmental keyring can make sandbox detection, anti-virus detection, crowdsourcing of information, reverse engineering difficult. These difficulties can slow down the incident response process and help adversaries hide their tactics, techniques and procedures (TTPs).