Jun 10 2008
Ransomware (what is it)
Recently there has been some talk about a new “ransomware” that is out and infecting people. The virus is called Virus.Win32.Gpcode.ak; a little information can be found here. In short, once executed, this virus searches the user's hard drive for files to encrypt.
Once your files are encrypted, it places a text file with the following message in every directory that contains encrypted files:
Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: [censored]@yahoo.com
=== BEGIN ===
[key]
=== END ===
At this time antivirus vendors are looking for a solution. Kaspersky Lab seems to be leading the effort here. If you are a code breaker you can go here for more info.
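Because the note is dropped in every directory that holds encrypted files, locating the notes gives a list of folders that need to be restored from backup. The Python script below is an added example, not code from the original post or from any vendor; it matches on the note text quoted above, and the `.txt` filter, the 64 KB size limit and the sample directory tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Phrases taken from the ransom note quoted above. The note's file name is not
# given on the page, so matching is done on content, not on name.
NOTE_PHRASE = "Your files are encrypted with RSA-1024 algorithm."
KEY_BLOCK = re.compile(r"=== BEGIN ===\s*(.*?)\s*=== END ===", re.DOTALL)
MAX_NOTE_BYTES = 64 * 1024  # assumption: a ransom note is a small text file


def find_ransom_notes(root):
    """Return {directory: key_block_text} for each directory holding a note."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".txt"):  # assumption: note is a .txt file
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "r", encoding="latin-1") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            match = KEY_BLOCK.search(text)
            if NOTE_PHRASE in text and match:
                hits[dirpath] = match.group(1)
    return hits


def demo():
    """Build a constructed directory tree (not real samples) and scan it."""
    note = (NOTE_PHRASE + "\nTo recovery your files you need to buy our decryptor.\n"
            "=== BEGIN ===\nCONSTRUCTED-KEY-0001\n=== END ===\n")
    with tempfile.TemporaryDirectory() as root:
        for sub, body in (("docs", note), ("photos", note), ("clean", "shopping list\n")):
            os.makedirs(os.path.join(root, sub))
            # "readme.txt" is a constructed file name, not the real note's name
            with open(os.path.join(root, sub, "readme.txt"), "w", encoding="latin-1") as fh:
                fh.write(body)
        found = find_ransom_notes(root)
        return {os.path.relpath(d, root): key for d, key in found.items()}


if __name__ == "__main__":
    for directory, key in sorted(demo().items()):
        print(directory, key)
```

Run `find_ransom_notes` against a mounted copy of the affected drive rather than the live system, and keep one note with its key block in case a recovery tool later needs it.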
Solutions to help (before this happens to you)
- Back up your data regularly
- Keep a fair number of backups
- And whatever you do, do not store them on the PC that could become affected; keep them offline on CD/DVD or an external hard drive that you keep unplugged from your system
More information and references
http://isc.sans.org/diary.html?storyid=4544
http://blogs.zdnet.com/security/?p=1259
http://people.csail.mit.edu/tromer/gpcode/
http://usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000131
http://www.viruslist.com/en/viruses/encyclopedia?virusid=313444