CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 6th, 2008

Updated Blackmailer Virus Gpcode Encrypts User Data And Demands Payment For Decryption

A new version of Gpcode, which was recently discovered, uses a complex encryption algorithm to encrypt user files, making it impossible to open them. The files that might be encrypted by this virus are .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and some others. Encrypted files original name will remain but a suffix “._CRYPT” will be added to each file. It also drops a file called “!_READ_ME_!.txt” onto the same folder with encrypted files, which contains the following text:

“Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: ********@yahoo.com”

Files encrypted by previous versions of Gpcode were possible to decrypt. In the past, signatures for Virus.Win32.Gpcode.ai have been added to the Kaspersky Anti-Virus databases. This time quick and painless decryption should be impossible, since Kaspersky analysts confirmed a strong 1024 bit encryption that can not be decrypted without the original key.

Kaspersky Lab offers affected users to contact them at [email protected] by using another PC in case of this particular infection. Users who did not reboot or turn off their infected PC, who can tell what did they do before the infection occurred and who can tell the exact infection time and date, will be helped and Kaspersky Lab promises to do everything they can to restore the encrypted files.

If your files have been encrypted by Gpcode, Kaspersky Lab strongly recommends that you should not pay money to the creators of this virus, as this will encourage further crime. There is also no guaranty you will receive the decryption key after payment.

Share this item with others:

More on CyberInsecure:
  • New LoroBot Ransomware Encrypts Files, Demands $100 For Decryption
  • Scareware Makes Files And Folders Invisible, Demands Ransom For Repair Utility
  • CheckFree Online Payment Site Hijacked By Criminals, Users Redirected To Rogue Server
  • Locked iPhone Allows Passwords Theft And Decryption
  • Almost 99,000 Credit Cards Compromised In Data Theft In “Forever 21″ Retail Stores

    • Posted in Cryptography, Malware, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Friday, June 6th, 2008 at 7:55 am and is filed under Cryptography, Malware, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Updated Blackmailer Virus Gpcode Encrypts User Data And Demands Payment For Decryption

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »