New Ransom-Ware Virus Resurfaces

Kaspersky Lab is warning that a new variant of a previous virus attack is under way, and those who fall victim will find their computer files held for ransom.


According to a recent bulletin from antivirus software maker Kaspersky, a new variant of Gpcode, Gpcode.ak, is on the loose. This hunk of malicious code will encrypt a wide range of files -- DOC, TXT, PDF, XLS, images, and other file types -- and then demand a "ransom" payment for the key necessary to decrypt the files.

From Viruslist.com:

"However, although we detect the virus itself, we can't currently decrypt files encrypted by Gpcode.ak -- the RSA encryption implemented in the malware uses a very strong, 1,024-bit key.

"The RSA encryption algorithm uses two keys: a public key and a private key. Messages can be encrypted using the public key, but can only be decrypted using the private key. And this is how Gpcode works: it encrypts files on victim machines using the public key that is coded into its body. Once encrypted, files can only be decrypted by someone who has the private key -- in this case, the author or the owner of the malicious program."

Unfortunately, while the company can detect all known versions of Gpcode, Kaspersky says it doesn't have any information about how users are getting infected.

A couple of years ago, Gpcode relied on a much weaker 660-bit key, and Kaspersky was able to decrypt infected files. That's unlikely to be the case with the stronger 1,024-bit key.
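Why key length decides whether files can be recovered without the private key, as an added example that is not from Kaspersky or the original article: textbook RSA on constructed toy primes, where the private key is rebuilt from the public key alone by factoring the modulus, and the work grows with modulus size. The function names, primes and message are assumptions, and the sketch does not describe how Kaspersky handled the 660-bit variant.

```python
# Added illustration: textbook RSA on constructed toy primes (no padding; never use for real data).
from math import gcd, isqrt

E = 65537  # widely used public exponent

def make_keypair(p, q, e=E):
    """Return (public, private) as ((n, e), (n, d)) for distinct primes p and q."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (p * q, e), (p * q, pow(e, -1, phi))

def apply_key(key, value):
    """RSA primitive: value**exponent mod n. Encrypts with a public key, decrypts with a private one."""
    n, exponent = key
    return pow(value, exponent, n)

def factor_by_trial_division(n):
    """Naive factoring of an odd n = p*q. Returns (p, q, divisions_tried)."""
    steps = 0
    for candidate in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
    raise ValueError("no odd factor found")

def recover_private_key(public):
    """Rebuild the private key from the public key alone by factoring the modulus."""
    n, e = public
    p, q, steps = factor_by_trial_division(n)
    return (n, pow(e, -1, (p - 1) * (q - 1))), steps

# Constructed sample primes: a ~14-bit modulus and a ~27-bit modulus.
SMALL = (101, 103)
LARGER = (10007, 10009)

if __name__ == "__main__":
    for p, q in (SMALL, LARGER):
        public, private = make_keypair(p, q)
        ciphertext = apply_key(public, 1234)
        recovered, steps = recover_private_key(public)
        print(f"n={public[0]} ({public[0].bit_length()} bits): "
              f"decrypts to {apply_key(recovered, ciphertext)} after {steps} trial divisions")
```

Production factoring algorithms are far faster than trial division, but their cost still climbs steeply with modulus length, which is why the key size matters here.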

The good news is that, so far, antivirus companies don't seem to be sounding the alarm, which means this virus isn't spreading rapidly.

About the Author

George V. Hulme, Contributing Writer

An award-winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is a security blogger at InformationWeek.com.
