Updated Blackmailer Virus Gpcode Encrypts User Data And Demands Payment For Decryption
A new version of Gpcode, which was recently discovered, uses a complex encryption algorithm to encrypt user files, making it impossible to open them. The files that might be encrypted by this virus are .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and some others. Encrypted files original name will remain but a suffix “._CRYPT” will be added to each file. It also drops a file called “!_READ_ME_!.txt” onto the same folder with encrypted files, which contains the following text:
“Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: ********@yahoo.com”
Files encrypted by previous versions of Gpcode were possible to decrypt. In the past, signatures for Virus.Win32.Gpcode.ai have been added to the Kaspersky Anti-Virus databases. This time quick and painless decryption should be impossible, since Kaspersky analysts confirmed a strong 1024 bit encryption that can not be decrypted without the original key.
Kaspersky Lab offers affected users to contact them at [email protected] by using another PC in case of this particular infection. Users who did not reboot or turn off their infected PC, who can tell what did they do before the infection occurred and who can tell the exact infection time and date, will be helped and Kaspersky Lab promises to do everything they can to restore the encrypted files.
If your files have been encrypted by Gpcode, Kaspersky Lab strongly recommends that you should not pay money to the creators of this virus, as this will encourage further crime. There is also no guaranty you will receive the decryption key after payment.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.