Formidable Ransomware Virus on the Loose

By Greg McNevin

June 12, 2008: Kaspersky Lab has issued a warning that Gpcode, a virus that encrypts a user's files so they can be extorted for the password, is again on the loose, only this time it features an almost uncrackable 1024-bit key.

Known as ransomware, the virus takes over a user's computer, locking up their files and giving them an email address through which to organise payment for the key.

Kaspersky’s virus software is able to detect the virus, but as yet the company has not been able to crack the encryption key. It has called on industry experts for help, saying it has enough information to work with but needs additional muscle to break Gpcode.

The virus first surfaced two years ago. That time, however, it was defeated because, according to Kaspersky, its author made some mistakes implementing the encryption algorithm. Unfortunately, it looks like the lesson was learned back then.

“The author has bided his time, waiting almost two years before creating a new, improved variant of this file encryptor,” writes the firm on its official blog.

“Gpcode.ak does not repeat the errors found in previous versions of the virus.”

The company warns infected users not to restart or otherwise switch off their machines, but rather to contact it at stopgpcode@kaspersky.com with information such as the exact date and time of infection and everything that was done on the computer in the five minutes before the machine was infected, including programs executed and websites visited.

The company says that it will try to help those infected recover data.
