Friday, June 6, 2008

Watch out for a sneaky blackmailing virus that encrypts your data

From Help Net Security

Kaspersky Lab found that a new variant of Gpcode, a dangerous encryptor virus, has appeared: Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with various extensions including, but not limited to, .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more, using an RSA encryption algorithm with a 1024-bit key.

After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor.


I would imagine that they face the same problem a kidnapper does and that is how to complete the transaction without getting caught. One other interesting fact from the original article is that the original virus incorrectly implemented the encryption algorithm. This allowed researchers the opportunity to decrypt the encrypted data. This time they got it right. Thus this is a helpful reminder that implementing your own code, even of a proven algorithm, is not always the best move.
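
As an added example (not from the original article or from Kaspersky Lab), here is a triage script that walks a directory tree and reports folders showing the two file-system indicators described above: file names ending in ._CRYPT and the !_READ_ME_!.txt note. Case-insensitive matching and the high/low confidence labels are assumptions of this example.

```python
import os
import sys
from dataclasses import dataclass, field

# Indicators as named in the description above. Matching is done
# case-insensitively (an assumption of this example).
CRYPT_SUFFIX = "._crypt"
NOTE_NAME = "!_read_me_!.txt"


@dataclass
class DirFinding:
    path: str
    note_present: bool = False
    encrypted: list = field(default_factory=list)

    @property
    def confidence(self):
        # Note plus renamed files matches the full described behaviour;
        # a single indicator is still reported, at lower confidence.
        return "high" if self.note_present and self.encrypted else "low"


def scan(root):
    """Return (findings, unreadable_dirs) for every folder under root."""
    findings, unreadable = [], []
    walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
    for dirpath, _dirs, files in walker:
        finding = DirFinding(dirpath)
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                finding.note_present = True
            elif lower.endswith(CRYPT_SUFFIX):
                finding.encrypted.append(name)
        if finding.note_present or finding.encrypted:
            findings.append(finding)
    return findings, unreadable


if __name__ == "__main__":
    found, skipped = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for f in found:
        note = "yes" if f.note_present else "no"
        print(f"{f.confidence:4} {f.path}: {len(f.encrypted)} ._CRYPT file(s), note={note}")
    for p in skipped:
        print(f"unreadable (not scanned): {p}")
```

Directories the script could not read are listed separately so that an incomplete scan is not mistaken for a clean one.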
