Have you ever considered your computer files as a victim of kidnapping, extortion, or blackmail? Hard to believe, right? Well, believe it! Ransomware is a vicious form of malware: it encrypts the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.
Trend Micro Advanced Threats Researcher, Ivan Macalintal, recently reported that Gpcode ransomware is loose on the Internet once again. Regular readers of this Blog will remember two previous articles in which this virulent malware was discussed.
First encountered two years ago by Kaspersky Lab, Gpcode has undergone several incarnations, with this latest version being identified by Trend Micro as TROJ_RANDSOM.A.
Reportedly, Gpcode is now using a 1,024 bit encryption key, as opposed to 660 bits in an early variant. It has been estimated that it would require 30 years to break this new encryption key by brute force (trying every possible key).
According to Trend Micro TROJ_RANDSOM.A:
Can be downloaded from remote site(s) by other malware
May be dropped by other malware
May be downloaded unknowingly by a user when visiting malicious Web site(s)
(Fake error message upon malware execution. Courtesy Trend Micro)
As with previous versions of this malware, after installation, the victim is informed that the computer’s files have been encrypted and a decrypting tool must be purchased, for US $307, from the cyber-criminal, in order to decrypt the affected files. Email addresses are included in order to facilitate this fraudulent purchase.
Affected systems: Windows 98, ME, NT, 2000, XP, and Server 2003.
(Process illustration courtesy of Trend Micro)
If you should become infected by this Trojan, your best course of action, assuming your installed malware scanners cannot remove the infection, is to take advantage of the multiple online scanners offered by the major anti-malware software developers.
For a review and list of online malware scanners please read “Free Online Spyware/Virus Scanners – Multiply Your Protection”, on this site.
References: Trend Micro
While it has been established how Gpcode infects the victim’s machine with the Trojan, the following precautions are nonetheless critical to the security of your system.
Most importantly – make regular backups of critical data. If you are infected, this may be your only solution.
Don’t store critical data on the system partition
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable scripting features in email programs
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure your anti-virus software scans all e-mail attachments
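Several of the precautions above (visible file extensions, an enabled firewall, file and printer sharing turned off, recent backups, a registered anti-virus product) can be audited from a script. The PowerShell below is an added example, not code from the original post or from Trend Micro; it assumes a modern Windows client (8 or later, where the NetSecurity module and the Security Center WMI namespace exist), which means it will not run on the 98 through Server 2003 systems the post lists as affected. The backup folder path $BackupRoot is a placeholder you must change.

```powershell
# Added example (not from the original post): audit a Windows host against several of the
# precautions listed above. Assumes a modern Windows client with the NetSecurity module.
# Run as Administrator. With -Fix, the script also applies the settings; without it, it only reports.

param([switch]$Fix)

$findings = @()

# 1. "Disable hidden filename extensions": Explorer hides extensions when HideFileExt = 1,
#    which lets a file named invoice.pdf.exe display as invoice.pdf.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -ne 0) {
    $findings += 'Known file extensions are hidden in Explorer'
    if ($Fix) { Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0 }
}

# 2. "Install a personal firewall": every Windows Firewall profile should be enabled.
foreach ($p in Get-NetFirewallProfile) {
    if (-not $p.Enabled) {
        $findings += "Firewall profile '$($p.Name)' is disabled"
        if ($Fix) { Set-NetFirewallProfile -Name $p.Name -Enabled True }
    }
}

# 3. "Turn off file and printer sharing": no inbound rule in this group should be enabled.
$sharing = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
           Where-Object { $_.Enabled -eq 'True' }
if ($sharing) {
    $findings += "$($sharing.Count) inbound 'File and Printer Sharing' firewall rules are enabled"
    if ($Fix) { $sharing | Set-NetFirewallRule -Enabled False }
}

# 4. "Make regular backups": warn when the newest file under the backup folder is older than 7 days.
#    $BackupRoot is a placeholder; point it at your own backup destination.
$BackupRoot = 'D:\Backups'
if (Test-Path $BackupRoot) {
    $latest = Get-ChildItem -Path $BackupRoot -Recurse -File |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $latest -or $latest.LastWriteTime -lt (Get-Date).AddDays(-7)) {
        $findings += "No backup newer than 7 days found under $BackupRoot"
    }
} else {
    $findings += "Backup folder $BackupRoot does not exist"
}

# 5. "Install anti-virus software": on client Windows, Security Center lists registered AV products.
$av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $av) { $findings += 'No anti-virus product registered with Security Center' }

if ($findings.Count -eq 0) { 'All checked precautions are in place.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it once without -Fix to see what it reports, then with -Fix to apply the Explorer, firewall and sharing changes; the backup and anti-virus items are reported only, since fixing them means choosing a backup destination and a product rather than flipping a setting.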