A virus that takes all your important files hostage and then demands money is on the loose, according to security experts.
This blackmailer virus uses a 1024-bit key to encrypt data on a user’s PC and then demands money for the decryption key.
According to Kaspersky Lab, the public should be on the lookout for a ransomware virus named “Gpcode”, which encrypts your files using an RSA encryption algorithm with a 1024-bit key.
A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration. The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term “ransomware”.
Gpcode (many variants: Gpcode.ac, Gpcode.ag, etc.) is thought to access PCs via unpatched browsers. Once active, it encodes most of the data on the computer, including .doc, .txt, .pdf, .xls, .jpg and .png files. After that, a ReadMe file is left on the machine giving an email address to send money to in order to get the decryption key.
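A defender's triage sketch for the behaviour described above, added here as an example and not taken from Kaspersky Lab or from any Gpcode analysis: it walks a directory tree and flags files of the listed types whose contents no longer look like that type. It assumes encrypted files keep their original extension and are encrypted from the first byte; the function names and the entropy threshold are illustrative choices.

```python
import math
import os
from collections import Counter

# File types named in the article, mapped to the header an intact file of that
# type starts with. None means no fixed header (plain text): use entropy instead.
EXPECTED_MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container
    ".txt": None,
}
ENTROPY_LIMIT = 7.0  # bits per byte; assumed threshold (ciphertext is close to 8.0)

def shannon_entropy(data):
    # Shannon entropy of a byte string, in bits per byte (0.0 to 8.0).
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(path, sample_size=4096):
    # True when a file of a targeted type no longer matches its expected format.
    ext = os.path.splitext(path)[1].lower()
    if ext not in EXPECTED_MAGIC:
        return False
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if not head:
        return False  # empty file: nothing to judge
    magic = EXPECTED_MAGIC[ext]
    if magic is not None:
        return not head.startswith(magic)
    return shannon_entropy(head) > ENTROPY_LIMIT

def triage(root):
    # Return the sorted paths under root that look encrypted.
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                if looks_encrypted(full):
                    hits.append(full)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(hits)
```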
The malware is a revision of a previous virus, thought to be from the same author, which appeared two years ago but only used a 660-bit key. The first piece of ransomware to use a sophisticated encryption algorithm, Gpcode.ac, was detected in January 2006 and used the RSA algorithm to create a 56-bit key.
According to Timur Tsoriev of Kaspersky Labs:
Virus researchers have been able to crack keys up to 660 bits. This was the result of a detailed analysis of the RSA algorithm implementation. If the encryption algorithm is implemented correctly, it could take one PC with a 2.2GHz processor around 30 years to crack a 660-bit key.
The company recommends that victims who get infected contact them by email at firstname.lastname@example.org, using another computer, and tell them exactly what they were doing in the five minutes before infection and the exact time and date of infection. Kaspersky also stresses that users should not restart or power down the infected computer.
We urge infected users not to yield to the blackmailer, but to contact us and your local cyber-crime law enforcement units. Yielding to blackmailers only continues the cycle.