Kidnapped! – Gpcode Ransomware – Deja Vue All Over Again

When we think of kidnapping, extortion or blackmail, I think it’s safe to say that not many of us would consider our computer files a likely victim. That is, unless we were familiar with a particular form of malware known as ransomware.

Ransomware is a vicious form of malware: it encrypts the victim’s files and then demands a monetary ransom to decrypt the kidnapped files.

Once again the ransomware Trojan Gpcode/PGPCoder is on the loose. First encountered two years ago by Kaspersky Lab, Gpcode/PGPCoder has returned in a much more advanced form.

Gpcode/PGPCoder now uses a 1,024-bit encryption key, as opposed to the 660-bit key in its last variant. It has been estimated that it would take 30 years to break this new key with a brute-force attack, that is, by trying every possible key. After encrypting the target files, the virus self-destructs in order to evade detection.

More than 80 file types on the PC, including doc, txt, pdf, xls, jpg, png, htm, pst, xml, zip, and rar, are targeted for encryption: the original files are deleted from the disk and replaced by an encrypted copy.
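A defender-side check for the delete-and-replace behaviour described above, written as an added example that is not from the original post: it compares two snapshots of a folder and flags files of the listed types that vanished or were overwritten with near-random data, which is what an encrypted copy looks like. The ".locked" suffix in the constructed sample is an assumption; the post does not say what name Gpcode gives the encrypted copies.

```python
import math
from collections import Counter

# File types the post says Gpcode targets (the subset it lists).
TARGETED_EXTS = {"doc", "txt", "pdf", "xls", "jpg", "png", "htm",
                 "pst", "xml", "zip", "rar"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted data sits near 8.0, text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def ext_of(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def detect_mass_encryption(before: dict, after: dict,
                           min_hits: int = 3, entropy_floor: float = 7.5) -> dict:
    """Compare two snapshots (path -> bytes) of the same folder.

    A targeted file is suspicious when its original is gone or was overwritten
    with near-random content: the delete-and-replace pattern described above.
    """
    suspicious = []
    for path, old in before.items():
        if ext_of(path) not in TARGETED_EXTS:
            continue
        new = after.get(path)
        if new is None:
            suspicious.append(path)  # original deleted from disk
        elif new != old and shannon_entropy(new) >= entropy_floor:
            suspicious.append(path)  # overwritten in place with high-entropy data
    # Files that appeared between snapshots and look encrypted: the replacement copies.
    new_high_entropy = [p for p, d in after.items()
                        if p not in before and shannon_entropy(d) >= entropy_floor]
    return {"suspicious": suspicious, "new_high_entropy": new_high_entropy,
            "alert": len(suspicious) >= min_hits}

# Constructed sample (not real Gpcode output): ".locked" naming is an assumption.
RANDOM_LIKE = bytes(range(256)) * 4  # every byte value equally often: 8.0 bits/byte
BEFORE = {"report.doc": b"Quarterly report " * 20, "notes.txt": b"meeting notes " * 30,
          "photo.jpg": b"\xff\xd8" + b"\x00" * 100, "app.exe": b"MZ" + b"\x00" * 50}
AFTER = {"report.doc.locked": RANDOM_LIKE, "notes.txt.locked": RANDOM_LIKE,
         "photo.jpg": RANDOM_LIKE, "app.exe": b"MZ" + b"\x00" * 50}

if __name__ == "__main__":
    print(detect_mass_encryption(BEFORE, AFTER))
```

Compressed archives such as zip and rar already have high entropy, so in practice the "overwritten" branch needs the content-changed test as well, which is why the example compares bytes before checking entropy.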

An attempt to open an encrypted file on an infected machine produces a message similar to the following.

Hello, your files are encrypted with RSA-4096 algorithm.

You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at: – – – –

It has not yet been determined how Gpcode/PGPCoder infects the victim’s machine, so the following precautions are critical to the security of your system.

  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data. If you are infected this may be your only solution
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure your anti-virus software scans all e-mail attachments
  • Don’t store critical data on the system partition


5 responses to “Kidnapped! – Gpcode Ransomware – Deja Vue All Over Again”

  2. Rex

    How can one be sure the software supplied by the crooks won’t plant something on your machine designed not to reinfect you but to cause you to spread a backdoor to all your future contacts, for them to exploit later on many of these contacts?
    The government should design a truly malicious virus that can be delivered with the payoff along with the payoff being bogus. The electronic equivalent of a bomb blowing up a kidnapper when they collect a ransom!

  3. Rex

    As a Stumbler I gave a ‘thumbs up’. As have others before me.

    Thanks Bill and my bomb delivered with the ransom idea expressed above was inspired by the sadness, fear, and frustration I have increasingly felt recently over (in)security news I was reading. Ah well. 🙂 We will just do the best we can and make backups as you advise.

  5. Bob

    Don’t be stupid and let random software install on your computer. Problem solved.