Ransomware: Your money or your data gets it.
Recently there have been many reports of PCs becoming infected with the virus Gpcode.ak, a new form of an attack that first surfaced a few years ago. Gpcode encrypts information on the affected PC's hard disk, plus any computers it is able to reach. It leaves the basic system software alone (so the PC remains usable), but encrypts the user's data files. The encryption method in the original version was broken, making it easy for anyone to decrypt their data files, but this new version uses a 1024-bit encryption key. According to Kaspersky Lab, this would take a relatively current computer around thirty years to break.

Affected users find a "README" file directing them to contact a specific email address to purchase a "decryption tool" in order to recover their files. Sometimes the ransom notice adds the threat of publicizing confidential information.

However, because of a flaw in this version, it is currently possible to recover the encrypted data files. Gpcode makes a copy of the files before encrypting them, and then deletes this copy. Deleted files can be recovered using popular file-recovery software that is widely available as both free and commercial offerings. Affected users should avoid rebooting their computers, and should avoid doing anything else until they have retrieved their files. This limits the chance of the deleted files being overwritten by other software.

Unfortunately this recovery is a limited work-around at best: it has been widely publicized on the security forums, and it will not be long before the virus writers include a step to wipe the deleted data files from the disk.

It is unclear precisely how this virus distributes itself, but the vast majority of malware infections come directly from spam email or from rogue web sites to which spam points users. Consequently, minimizing one's risk of exposure to this virus means taking the normal safeguards against other malicious software, such as keeping virus scanners and email spam blockers up to date, and having a clearly communicated policy about not visiting links in unsolicited e-mail.
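Why the advice to stop using the PC until the files are retrieved matters, shown as an added example that is not part of the original article: a minimal signature-based carver in Python, the basic technique behind file-recovery tools, run over a constructed in-memory "disk". The 512-byte sector size, the JPEG-only signature and all function names are assumptions made for illustration.

```python
"""Carve deleted JPEG data from raw bytes and show the effect of later writes."""

SECTOR = 512                  # assumed sector size for the constructed image
JPEG_SOI = b"\xff\xd8\xff"    # JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"        # JPEG end-of-image marker


def carve_jpegs(raw, max_size=10 * 1024 * 1024):
    """Return [(offset, data)] for each complete SOI..EOI span in raw bytes.

    Simplified: real carvers also handle fragmentation and embedded thumbnails.
    """
    found, pos = [], 0
    while True:
        start = raw.find(JPEG_SOI, pos)
        if start == -1:
            return found
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:          # header survived but the tail was overwritten
            pos = start + 1
            continue
        found.append((start, raw[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)


def build_constructed_image():
    """Constructed sample: two deleted 'photos' still present in free space."""
    photo_a = JPEG_SOI + b"\xe0" + b"A" * 300 + JPEG_EOI   # fits in sector 1
    photo_b = JPEG_SOI + b"\xe0" + b"B" * 700 + JPEG_EOI   # spans sectors 4-5
    disk = bytearray(SECTOR * 8)
    disk[1 * SECTOR:1 * SECTOR + len(photo_a)] = photo_a
    disk[4 * SECTOR:4 * SECTOR + len(photo_b)] = photo_b
    return bytes(disk), photo_a, photo_b


def simulate_later_writes(raw, sector, count=1):
    """Model other software reusing freed sectors after the infection."""
    disk = bytearray(raw)
    disk[sector * SECTOR:(sector + count) * SECTOR] = b"\x55" * (count * SECTOR)
    return bytes(disk)


if __name__ == "__main__":
    image, _, _ = build_constructed_image()
    print("untouched disk:", [off for off, _ in carve_jpegs(image)])
    reused = simulate_later_writes(image, sector=1)
    print("after one sector reused:", [off for off, _ in carve_jpegs(reused)])
```

In practice the carver would be run against a read-only image of the affected disk rather than the live volume, so that the recovery attempt itself does not overwrite freed sectors.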
The copyright for this content entitled "Ransomware: Your money or your data gets it." has been specified by the contributor as:
All Rights Reserved
This content may not be copied, distributed or adapted by anyone under any circumstances.
May, 2012