A Peculiar Blog





[update: Since this was written there's been at least one solution to fix Gpcode problems

The folks at Kaspersky Labs have run into a new variant of a nasty little bugger known as Gpcode. This virus encrypts files on the infected computer and then demands payment for a key that will allow the victim to decrypt the files and recover their data.

Thing is, this version of Gpcode is using the RSA encryption algorithm with a 1024-bit key. That is a strong algorithm, and with current computer and software technology it is computationally infeasible to break without the author’s private key.

The RSA algorithm uses two keys, one public and one private. Data encrypted with the public key can only be decrypted with the matching private key. The Gpcode virus carries a public key, which it uses to encrypt the files; the private key that would reverse the encryption stays with the author.

Gpcode adds “._CRYPT” to the filename of the encrypted files and puts a text file named !_READ_ME_!.txt in the folder with the encrypted files. The text file contains a message telling the victim that their files have been encrypted and then offers to sell them a “decryptor” program to restore them:

Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com

On the upside, Kaspersky Labs (and, I presume, other AV vendors by now) can detect Gpcode, but once it has encrypted something you had better have a backup someplace safe, because you are not going to break 1024-bit RSA encryption within a human lifetime.
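Since detection after the fact comes down to spotting the traces the post describes, here is a small triage script (an added example, not code from the post or from any AV vendor) that walks a directory tree for the “._CRYPT” suffix and the !_READ_ME_!.txt note, and measures the entropy of each suspect file to confirm it was really encrypted rather than just renamed. The sample tree it scans is constructed inside a temporary directory; the file names other than the two indicators are made up.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators named in the post: encrypted files carry a "._CRYPT" suffix and a
# ransom note called "!_READ_ME_!.txt" is dropped next to them.
CRYPT_SUFFIX = "._CRYPT"
NOTE_NAME = "!_READ_ME_!.txt"
NOTE_MARKER = b"RSA-1024"  # phrase from the ransom note quoted in the post

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, ordinary text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_tree(root) -> dict:
    """Walk `root` and collect Gpcode-style indicators, folder by folder."""
    notes, crypt_files, suspect_dirs = [], [], set()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name == NOTE_NAME:
            notes.append((str(path), NOTE_MARKER in path.read_bytes()))
            suspect_dirs.add(str(path.parent))
        elif path.name.endswith(CRYPT_SUFFIX):
            # High entropy corroborates real encryption, not a mere rename.
            ent = round(shannon_entropy(path.read_bytes()), 2)
            crypt_files.append((str(path), ent))
            suspect_dirs.add(str(path.parent))
    return {"notes": notes, "crypt_files": crypt_files,
            "suspect_dirs": sorted(suspect_dirs)}

def demo() -> dict:
    """Build a constructed sample tree (not real Gpcode output) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root) / "Documents"
        docs.mkdir()
        (docs / "report.doc._CRYPT").write_bytes(os.urandom(4096))  # stand-in ciphertext
        (docs / NOTE_NAME).write_bytes(b"Your files are encrypted with RSA-1024 algorithm.\n")
        (docs / "notes.txt").write_bytes(b"quarterly numbers " * 200)  # untouched file
        return scan_tree(root)

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A folder that holds the note but no high-entropy “._CRYPT” files is worth a second look before restoring from backup, since a renamed-but-intact file can simply be renamed back.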

Of course, I’m sure it has occurred to somebody that the thing to do is to buy the “decryptor”, reverse engineer it to recover the private key, and then use that key to build a trusted freeware tool for recovering Gpcoded files.


5 Comments

  1. Hi on 22.06.2008 at 14:36

    How do they expect payment? Wouldn’t it be easy enough to figure out who is responsible based on the bank/paypal account/physical address to which they ask for payment?

    1. admin on 01.07.2008 at 11:43

      I’m sure there is some kind of money laundering scheme in place, similar to the kind of thing used by email spammers and people behind phishing attacks. They have a means to collect money or they’d not be doing this stuff at all.

  2. Cactii on 26.06.2008 at 21:00

    Ransomware has actually been around for quite some time.

    You’d think, though, that people would notice that something is going on when their computer suddenly goes really slow because it is using up all its resources to encrypt your files.

    I’m just glad I’ve never been hit by something like this and don’t wish it on anybody!


    1. admin on 01.07.2008 at 11:46

      I think it’s because the majority of computer users aren’t technically minded. To these people the computer is merely a tool, a means to an end. I don’t expect most people to have much knowledge about the inner workings and maintenance of a computer, any more than a mechanic would expect me to know much about how my car’s engine works or how to maintain and repair it.

  3. A Most Peculiar Blog | Blog Hunting on 26.06.2008 at 21:27

    [...] Do NOT ask me what it’s about. I have no earthly idea. Here’s the name of it. “Ransomware With 1024-bit Encryption key Blackmails Victims” You go figure it out. [...]



Copyright © A Peculiar Blog. All rights reserved.
