A virus that takes all your important files hostage and then demand money is on the loose according to security experts.
This blackmailer virus uses 1024-bit key to encrypt data on user’s PC and then demands money for decryption key.
According to Kaspersky Lab public should be on the lookout for ransomware virus named “Gpcode” which encrypts your files using an RSA encryption algorithm with a 1024-bit key.
A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration. The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term “ransomware”.
Gpcode (many variants: Gpcode.ac, Gpcode.ag, etc.) is thought to access PCs via unpatched browsers. Once active it encodes most of the data on the computer, including .doc, .txt, .pdf, .xls, .jpg and .png files. After that a ReadMe file is left on the machine giving an email address to send money in order to get the decryption key.
The malware is a revision of a previous virus, thought to be from the same author, which appeared two years ago but only used a 660-bit key. The first piece of ransomware to use a sophisticated encryption algorithm, Gpcode.ac, was detected in January 2006 and used the RSA algorithm to create a 56-bit key.
According to Timur Tsoriev of Kaspersky Labs:
Virus researchers have been able to crack keys up to 660 bits. This was the result of a detailed analysis of the RSA algorithm implementation. If the encryption algorithm is implemented correctly, it could take one PC with a 2.2GHz processor around 30 years to crack a 660-bit key.
The company recommends that victims contact them by email to stopgpcode@kaspersky.com if they get infected, using another computer, and tell them exactly what they were doing in the five minutes before infection and the exact time and date of infection. Kaspersky also stresses that users do not restart or power down the infected computer.
Tsoriev said:
We urge infected users not to yield to the blackmailer, but to contact us and your local cyber-crime law enforcement units. Yielding to blackmailers only continues the cycle.
3 responses so far
1 RipVanDubbie ~ Jun 7, 2008 at 2:15 pm
Wow, a 1024 bit encryption key? It would take a room full of super computers HUNDREDS (if not thousands) of years to crack a 256 bit encryption. Wow, thats impressive.
JT
http://www.FireMe.to/udi
2 yesimahuman ~ Jun 7, 2008 at 10:38 pm
“If the encryption algorithm is implemented correctly, it could take one PC with a 2.2GHz processor around 30 years to crack a 660-bit key.”
Hey RipVanDubbie…did you actually read the fucking article?
3 Adrian ~ Jun 8, 2008 at 2:01 am
Not really. RSA is a public/private key algorithm which requires much longer encryption keys to be secure, 1024 bit minimum. You’re thinking of a symmetric encryption algorithm, which 128 bit is the minimum considered secure.
Checkout Wikipedia for more info.
You must log in to post a comment.