Ransomware Encrypts Victim Files With 1,024-Bit Key - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware
Click Here to Login
Closed Thread
Thread Tools Display Modes
Old 06-11-2008, 10:44 AM   #1 (permalink)
Techie Beyond Description
Osiris's Avatar
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Ransomware Encrypts Victim Files With 1,024-Bit Key

Now more than ever, it's important that Windows users ensure their machines are safe from hackers. A dangerous new strain of malicious software that holds the victim's computers files for ransom has been unleashed, and Kaspersky Lab is warning that security researchers have yet to crack the encryption key.
The malware in this case is the latest version of Gpcode (Kaspersky calls it Gpcode.ak), a nasty piece of "ransomware" that scrambles all of the victim's data files with an encryption key known only to the attacker(s). Victims are told via a pop-up message that they need to purchase a special decryption program to regain access to their data.
Kaspersky and other anti-virus companies have previously unraveled the secret encryption key for all previous versions of Gpcode, but this time, the malware author apparently has learned from his previous mistakes. Now, the Gpcode author is encrypting victim files with an extremely strong 1,024-bit RSA encryption key.
"We estimate it would take around 15 million modern computers, running for about a year, to crack such a key," writes Aleks Gostev, senior virus analyst at Kaspersky, on the company's blog.
"The author has bided his time, waiting almost two years before creating a new, improved variant of this file encryptor. Gpcode.ak doesn't not repeat the errors found in previous versions of the virus."
Kaspersky said it's not clear yet how the ransomware is being spread. Once a system is infected and the files are encrypted, it leaves the following message in a pop-up alert:
"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com"
I don't see anyone but Kaspersky making a lot of noise about this virus, so my guess is that most of the victims are probably in Eastern Europe and Russia. But if your machine does get infected with Gpcode, Kaspersky wants to hear from you (so does Security Fix, for that matter). They're offering assistance to anyone victimized by this virus. Check out this link for more information.
The company also is trying to generate support for a collaborative effort to break the encryption key; check out the forum here. I wish Kaspersky luck with that, but I don't believe they will succeed. It is extremely fortunate for most users that this type of attack isn't more widespread, as it is likely that most victims will end up paying the ransom if they ever want their data returned.

Ransomware Encrypts Victim Files With 1,024-Bit Key - Security Fix

Osiris is offline  
Old 06-11-2008, 12:09 PM   #2 (permalink)
Do not Stare at my Avatar
Ste's Avatar
Join Date: Aug 2005
Location: Upon Gleaning Infinity
Posts: 9,578
Send a message via MSN to Ste
Default Re: Ransomware Encrypts Victim Files With 1,024-Bit Key

Id just format, since I have all my data backed up in excess of four times.

Ste is offline  
Old 06-11-2008, 01:22 PM   #3 (permalink)
Monster Techie
MrCoffee's Avatar
Join Date: Feb 2006
Location: UK
Posts: 1,858
Default Re: Ransomware Encrypts Victim Files With 1,024-Bit Key

me too... unless the virus was smart enough to encrypt my NAS box too in which case I'd be stuffed
Intel core I7 920
6GB OCZ platinum 1600
XFX HD4890
Noctua nh-u12p
Corsair HX520
Antec 300
Samsung 1TB F1 Spinpoint
Samsung SM2443BW 24"
MrCoffee is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Difference Between 32 Bit (x86) and 64 Bit (x64) KSoD Microsoft Windows and Software 30 08-29-2009 08:05 AM
HijackThis logs for Security Team members only Trotter Viruses, Spyware and Malware 34 01-25-2008 12:13 PM
New Log enigm@tic HijackThis Logs (finished) 4 12-13-2007 07:45 PM
friends log Static_11 HijackThis Logs (finished) 11 11-25-2007 09:27 PM

Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 03:28 PM.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.