Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Blackmail virus returns


  • Please log in to reply

#1
Major Payne

Major Payne

    Retired Staff

  • Retired Staff
  • 5,307 posts

Jun 6th, 2008, 6:37 am

Show Printable VersionKaspersky Lab is warning the public at large to be on the lookout for a new version of the blackmail virus Gpcode which has started to appear in the wild. This particularly nasty twist on the virus format encrypts your files using an RSA encryption algorithm, this time with a 1024-bit key. In order to get your file access back, the virus author offers to sell you a decryption tool. Straightforward blackmail for the digital age, and if those files are critical to your work or contain vital personal data then you might just consider giving in and paying up.

Kaspersky, of course, has seen Gpcode before. In fact, it has managed to thwart the efforts of the virus authors in previous versions by cracking the private encryption keys using in-depth and time consuming cryptographic analysis of the RSA algorithm implementation. The last time around a 660-bit key was used, which Kaspersky says would take a single 2.2Ghz PC some 30 years to crack alone. Unfortunately, in the two years that have followed, the author has tweaked his code to fix previous errors which allowed that analysis to take place and added a 1024-bit encryption key which Kaspersky has been unable to crack so far.

Unless any errors are found it is, to be honest, unlikely that a key of this length will be cracked. Which means that if you do get infected, and if your files do get encrypted, then the only decryption option would appear to sit with the virus author who has that private key to do the unlocking with.

Kaspersky specialists recommend that victims contact them by email to [email protected] if they get infected, using another computer, and tell them exactly what they were doing in the five minutes before infection and the exact time and date of infection. Kaspersky also stresses that users do not restart or power down the infected computer.

"We urge infected users not to yield to the blackmailer, but to contact us and your local cyber crime law enforcement units" a Kaspersky spokesperson told me "yielding to blackmailers only continues the cycle."


Source...
  • 0

Advertisements


#2
Troy

Troy

    Tech Staff

  • Technician
  • 8,841 posts
Would I be wrong in suggesting that proper backups may help reduce the stress of important file loss?

Of course, it's still important to work with appropriate law enforcement units to help capture the blackmailers, but at least you won't lose any sweat over those files!

*troy heads off to perform an update to his backups...
  • 0

#3
Major Payne

Major Payne

    Retired Staff

  • Topic Starter
  • Retired Staff
  • 5,307 posts
As long as the backup files are encrypted, too, and no connection can be made from the Internet to the backup source. Also. all files to be backed up should be thoroughly scanned before transferring to any backup medium. Even Restore Points can be infected.

Ron

Edited by Major Payne, 21 June 2008 - 03:44 AM.

  • 0

#4
Doctor Inferno

Doctor Inferno

    Member

  • Member
  • PipPip
  • 63 posts
There's a catch, you shouldn't have turned off the PC if infected by the virus.
  • 0

#5
Wiwi

Wiwi

    Member

  • Member
  • PipPipPip
  • 187 posts
Wow! that's scary :)

How is this virus spread, though?
  • 0

#6
Major Payne

Major Payne

    Retired Staff

  • Topic Starter
  • Retired Staff
  • 5,307 posts

Wow! that's scary :)

How is this virus spread, though?

Kaspersky recommends to enable all possible anti-malware components that are installed in the system since it's unclear at the moment how the virus spreads.


Ron
  • 0

#7
Wiwi

Wiwi

    Member

  • Member
  • PipPipPip
  • 187 posts
oh, thanks, maybe I skipped it :)

Edited by Wiwi, 03 July 2008 - 09:42 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP