Some of you might remember GpCode, a Trojan horse that taunted users last summer by encrypting files and demanding that victims pay a ransom to regain access to them (see Blackmailing malware storms Russia). According to Russian antivirus firm Kaspersky Lab, the culprits appear to be at it again.
The Kaspersky blog noted that some users are reporting that their documents, photos, archive files and more have turned into a bunch of junk data, and that a file called read_me.txt has appeared on their systems. Sadly, the blog noted, the contents of this file were all too familiar:
“Hello, your files are encrypted with RSA-4096 algorithm (https://en.wikipedia.org/wiki/RSA). You will need at least [a] few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300 …”
Kaspersky analyzed the files and found that despite the claims, there’s no sign of RSA-4096. “Interestingly, this nasty little piece of work, which we detect as Virus.Win32.Gpcode.ai, has a very limited shelf life, from 10th to 15th July 2007. Why? We can only guess.”