Gpcode, the return of ransomware
Gpcode showed up a few years ago, but now many people are reporting they have been infected with a new variant called Gpcode.ak. Gpcode encrypts information on the affected computer's hard disk, plus any shares to which it has access. Gpcode leaves the operating system software alone (so the PC continues to be useable), but encrypts the user's data files. The encryption technique for the original version was cracked, making it easy for anyone to decrypt his or her own files, but this new variation uses a 1024-bit encryption key. Reported by Kaspersky, this could take a relatively modern computer almost 30 years to crack.Users who have been infected will notice a "README" file instructing them to contact a specific email address for rights to purchasing a "decryption tool" in order to reclaim their data files. Sometimes the additional threat of publicizing confidential information is mentioned in this ransom notice.However, because of a fault in this version, it is presently possible to retrieve the encrypted files. Gpcode makes a backup of the data files before it encrypts them, and then erases this copy. Deleted files can be recovered with regular file-recovery program that is widely available as both free and commercial offerings. Users infected with Gpcode virus should avoid booting their machines, and should avoid doing anything else until they've recovered their files. This limits the chance of the erased files being corrupted by other processes. Unfortunately this retrieval is a limited work-around - at best - because it has been widely discussed on the security forums, and it is only a matter of time before the virus authors include a step to completely remove the erased files from the disk.Although many individuals report being infected with Gpcode via e-mail or from a rogue site cited inside of email spam, it is unknown how the Gpcode computer virus spreads.Consequently, reducing the risk of getting this computer virus means using normal precautions against other malicious software, such as keeping anti-virus scanners and email spam blockers up to date, and implementing a clearly communicated security policy about not following links in unsolicited emails.