Kaspersky Lab has announced the availability of a free utility called StopGPcode to restore files that may have been deleted by a new ransomware variant known as Gpcode.
Gpcode uses a 1024-bit key to encrypt data on a user’s PC, deletes the original files and then demands money for the decryption key.
The downloadable executable “restores original filenames and the full paths of the files recovered,” according to the Russia-based anti-virus firm. Earlier this month, Kaspersky was the first to identify the new and improved variant of the blackmailing Gpcode trojan.
Kaspersky’s StopGPcode utility is based on the free PhotoRec utility, but adds the ability to restore exact file names and paths.
Kaspersky says Gpcode.ak works by making a copy of the original file it wishes to kidnap using 1,024-bit encryption, then deleting the original. “However, it doesn’t wipe the file from the system,” according to Roel Schouwenberg, senior antivirus research analyst at the security company.
He admitted that it will be difficult to create a signature for the dangerous malware, which uses virtually uncrackable 1,024-bit encryption. If infected, a user’s files — including MP3s, photos and Word documents — are encrypted and the original files deleted. The only way the victim can regain access to the files is if he or she agrees to pay a fee, which is demanded in a pop-up message, Kaspersky researchers have said.
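The recovery approach the article describes rests on one detail: Gpcode deletes the originals but does not wipe them, so their bytes remain in unallocated space until overwritten, and a signature carver such as PhotoRec can find them by their magic headers and footers. The following is an added illustration of that principle, not code from Kaspersky, PhotoRec or StopGPcode. It builds a small constructed disk image containing a deleted-but-intact JPEG, a securely wiped JPEG and a still-allocated PNG, then carves whatever is recoverable. The signature list, layout and sample payloads are all constructed for the example.

```python
"""Minimal signature-based file carver illustrating why deleted (not wiped)
files can be recovered. Constructed example; not the StopGPcode/PhotoRec code."""

SECTOR = 512

# (header, footer, extension): well-known magic values for a few file types.
SIGNATURES = [
    (b"\xFF\xD8\xFF", b"\xFF\xD9", "jpg"),
    (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", "png"),
    (b"%PDF-", b"%%EOF", "pdf"),
]


def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Scan a raw image for header/footer pairs and return (offset, ext, data)
    for each file found, ordered by offset. A header with no footer within
    max_size bytes is skipped rather than producing a truncated file."""
    found = []
    for header, footer, ext in SIGNATURES:
        start = 0
        while True:
            start = image.find(header, start)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                start += 1          # no footer in range: keep scanning
                continue
            end += len(footer)
            found.append((start, ext, image[start:end]))
            start = end             # resume after the carved file
    return sorted(found, key=lambda f: f[0])


def pad_to_sector(data: bytes) -> bytes:
    """Pad data to a whole number of sectors, as a filesystem would allocate it."""
    return data + b"\x00" * (-len(data) % SECTOR)


def build_image():
    """Construct a toy raw image (constructed sample data) laid out as:
       sector 0 : empty, standing in for filesystem metadata
       next     : a JPEG whose directory entry was deleted; data left intact
       next     : a JPEG that was securely wiped (sectors overwritten with zeros)
       next     : a PNG that is still allocated
    Returns (image, offset where the wiped JPEG used to live)."""
    jpeg_deleted = b"\xFF\xD8\xFF\xE0" + b"sample-photo-data" * 8 + b"\xFF\xD9"
    jpeg_wiped = b"\xFF\xD8\xFF\xE0" + b"wiped-photo-data" * 8 + b"\xFF\xD9"
    png_live = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64 + b"IEND\xaeB`\x82"
    parts = [
        b"\x00" * SECTOR,
        pad_to_sector(jpeg_deleted),
        pad_to_sector(jpeg_wiped),
        pad_to_sector(png_live),
    ]
    image = bytearray(b"".join(parts))
    wiped_offset = len(parts[0]) + len(parts[1])
    # A wipe overwrites the data; a plain delete (the first JPEG) does not,
    # which is exactly what carving relies on.
    image[wiped_offset:wiped_offset + len(parts[2])] = b"\x00" * len(parts[2])
    return bytes(image), wiped_offset


def recover_summary():
    """Carve the constructed image; return ([(offset, ext, size), ...], wiped_offset)."""
    image, wiped_offset = build_image()
    carved = carve(image)
    return [(off, ext, len(data)) for off, ext, data in carved], wiped_offset


if __name__ == "__main__":
    summary, wiped_at = recover_summary()
    for off, ext, size in summary:
        print(f"recovered {ext} at offset {off}, {size} bytes")
    print(f"nothing recoverable at offset {wiped_at}: that file was wiped, not deleted")
```

Running it recovers the deleted JPEG and the live PNG but nothing from the wiped region, which is the distinction Schouwenberg is pointing at. Note what carving alone cannot give back: file names and directory paths live in filesystem metadata, not in the file bytes, so a carver outputs anonymous files (this is the gap the article says StopGPcode fills on top of PhotoRec), and a footer sequence that happens to occur inside another file's data can cut a carved file short.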
While there hasn’t been a massive Gpcode outbreak, the virus appears to be slowly gaining steam, with a few thousand infections identified so far, including at a hospital outside the United States.
It is not yet known how Gpcode.ak spreads, but a trail of clues points to Blogspot spam and Usenet spam as the likely vectors.


1 response so far
1 surf ~ Jun 17, 2008 at 9:43 pm
Nice post. Posted this link in http://www.surfurls.com. It’s a social bookmarking site.