
Gpcode strikes again

By Staff Writer, ITWeb
Johannesburg, 06 Jun 2008

Kaspersky Lab is letting the public know about a new variant of Gpcode called Virus.Win32.Gpcode.ak.

Kaspersky Lab was able to defeat previous versions of Gpcode by cracking their 660-bit private key, a task that would normally take a PC with a 2.2GHz processor 30 years.

However, Gpcode's author has lengthened the key from 660 to 1 024 bits, and attempts to crack the new key have so far proved unsuccessful.

Using the RSA encryption algorithm, the virus encrypts files with extensions including .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, and .h.

After a file is encrypted, its extension is changed to ._CRYPT and the virus places a text file called !_READ_ME_.txt in the same folder.

The text file explains to the user that the file has been encrypted, and in order to gain access to it, the user must buy a 'decryptor'.
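The two on-disk indicators described above, the ._CRYPT extension and the !_READ_ME_.txt note, can be triaged with a read-only directory walk that reports which folders are affected and which targeted files are still untouched. This is an added example, not code from Kaspersky Lab or the article; the function names and the sample tree are constructed, and it assumes the marker is appended to the original file name (for example report.doc._CRYPT).

```python
import os
import tempfile
from collections import Counter

MARKER = "._crypt"        # extension the article says encrypted files receive
NOTE = "!_read_me_.txt"   # ransom note the article says is dropped beside them
# Extensions the article names as targeted (its list is not exhaustive).
TARGETED = {".doc", ".txt", ".pdf", ".xls", ".jpg", ".png", ".cpp", ".h"}

def scan(root):
    """Walk root using directory listings only; report folders with indicators."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = [f for f in files if f.lower().endswith(MARKER)]
        note = any(f.lower() == NOTE for f in files)
        if not encrypted and not note:
            continue
        # Assumption: the marker is appended, so the original extension is
        # still visible once the marker is stripped from the name.
        originals = Counter(
            os.path.splitext(f[:-len(MARKER)])[1].lower() or "(none)"
            for f in encrypted)
        # Targeted file types in an affected folder that are not yet renamed.
        untouched = [f for f in files if f.lower() != NOTE
                     and os.path.splitext(f)[1].lower() in TARGETED]
        findings[folder] = {"encrypted": sorted(encrypted), "note": note,
                            "original_exts": dict(originals),
                            "untouched_targets": sorted(untouched)}
    return findings

def build_sample_tree(root):
    """Constructed sample data: empty files named like the article's indicators."""
    layout = {
        "docs": ["report.doc._CRYPT", "budget.xls._CRYPT",
                 "!_READ_ME_.txt", "todo.txt"],
        "src": ["main.cpp", "util.h"],   # clean folder, must not be reported
        "pics": ["photo._crypt"],        # marker without a ransom note
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, report in sorted(scan(tmp).items()):
            print(os.path.relpath(folder, tmp), report)
```

The scan never opens or modifies the files it lists, which suits triage of a mounted copy or image of the affected disk.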

Kaspersky Lab is warning affected users to contact it (at stopgpcode@kaspersky.com) using another computer. However, it strongly recommends that the infected machine is not restarted or turned off.

The company is working on finding a way to decrypt these files without an encryption key. In the meantime, it says, users must ensure their anti-malware solutions are set to maximum security and be vigilant when browsing the Internet and reading e-mail.
