06-11-2008, 10:44 AM   #1
Osiris (Security/Hacking Mod)
Ransomware Encrypts Victim Files With 1,024-Bit Key

Now more than ever, it's important that Windows users ensure their machines are safe from hackers. A dangerous new strain of malicious software that holds the victim's computer files for ransom has been unleashed, and Kaspersky Lab is warning that security researchers have yet to crack the encryption key.
The malware in this case is the latest version of Gpcode (Kaspersky calls it Gpcode.ak), a nasty piece of "ransomware" that scrambles all of the victim's data files with an encryption key known only to the attacker(s). Victims are told via a pop-up message that they need to purchase a special decryption program to regain access to their data.
Kaspersky and other anti-virus companies have previously unraveled the secret encryption key for all previous versions of Gpcode, but this time, the malware author apparently has learned from his previous mistakes. Now, the Gpcode author is encrypting victim files with an extremely strong 1,024-bit RSA encryption key.
"We estimate it would take around 15 million modern computers, running for about a year, to crack such a key," writes Aleks Gostev, senior virus analyst at Kaspersky, on the company's blog.
"The author has bided his time, waiting almost two years before creating a new, improved variant of this file encryptor. Gpcode.ak doesn't repeat the errors found in previous versions of the virus."
Kaspersky said it's not clear yet how the ransomware is being spread. Once a system is infected and the files are encrypted, it leaves the following message in a pop-up alert:
"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com"
I don't see anyone but Kaspersky making a lot of noise about this virus, so my guess is that most of the victims are probably in Eastern Europe and Russia. But if your machine does get infected with Gpcode, Kaspersky wants to hear from you (so does Security Fix, for that matter). They're offering assistance to anyone victimized by this virus. Check out this link for more information.
The company also is trying to generate support for a collaborative effort to break the encryption key; check out the forum here. I wish Kaspersky luck with that, but I don't believe they will succeed. It is extremely fortunate for most users that this type of attack isn't more widespread, as it is likely that most victims will end up paying the ransom if they ever want their data returned.

Ransomware Encrypts Victim Files With 1,024-Bit Key - Security Fix
06-11-2008, 12:09 PM   #2
Ste (lvl Infinite Psychopath)
Re: Ransomware Encrypts Victim Files With 1,024-Bit Key

I'd just format, since I have all my data backed up in excess of four times.
06-11-2008, 01:22 PM   #3
MrCoffee (Monster Techie)
Re: Ransomware Encrypts Victim Files With 1,024-Bit Key

Me too... unless the virus was smart enough to encrypt my NAS box too, in which case I'd be stuffed.