Ransom Trojan returns for new encryption attack

Small-scale but very unpleasant

The creators of the deeply unpleasant GPCode Trojan have released a new version of the malware that encrypts victims’ data files and tries to extort money for the unlock key.

The major innovation this time compared to a version from November 2010 is that the criminals demand a slightly higher fee of $125 for the key paid through the Ukash payment pre-paid card site instead of using direct money transfer., as it has been named by Kaspersky Lab, also throws up the same unmissable text message in uncertain English that takes up most of the desktop of anyone contracting it via a drive-by web download.

“All your personal files were encrypted with a strong algorythm RSA-1024 (sic),” it reads. According to an analysis by GpCode experts at Kaspersky Lab, the criminals use their own RSA 1024 key to encrypt a separate AES 256 key used to scramble the files on a user’s PC after infection.

“Remember don’t try to tell someone about this message if you want to get your files back! Just do all we told!,” the message continues, really a ploy by the criminals to buy time before antivirus suites notice the programme. Sadly, ‘telling’ someone about GpCode would be fruitless anyway – the encryption is strong enough that the only way to recover files is to resort to backups.

As with the November version, the user can limit the file-scrambling damage caused by the malware by turning off their PC at the point they see the desktop message, then booting from a recovery disk.

“Don't hesitate to turn off your PC or pull out the power cable if this is fastest!,” recommends Kaspersky researcher Nicolas Brulez.

GpCode is a Trojan that just won’t go away and has re-emerged at longish intervals since first appearing in 2004. It could be a proof-of-concept Trojan if it weren’t for the fact that the malware proved its effectiveness long ago.

The malware seems to be designed to harvest modest amounts of money from a small number of victims in an attempt to stay below the radar of researchers. Because it is fairly easy to create a signature to detect GpCode once it has been noticed, its creators need it to keep a low profile for as long as possible.



Leslie Satenstein said: These guys are true criminals and sadly the damage they do is extremely harmful particularly to small businesses that do backups weekly or not at all as is the case with most small businesses
