Kaspersky Lab Warns of New Variant of Dangerous Blackmailing Virus, Gpcode

Kaspersky Lab, a leading developer of Internet threat management solutions that protect against all forms of malicious software, has informed the public that it has been the first to detect a new variant of Gpcode, a dangerous encryptor virus -- Virus.Win32.Gpcode.ak. Kaspersky Lab added a signature for Virus.Win32.Gpcode.ak on June 4, 2008.

Gpcode.ak encrypts files with various extensions including, but not limited to: .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more using an RSA encryption algorithm with a 1024-bit key. Kaspersky Lab analysts succeeded in thwarting previous variants of Gpcode, when Kaspersky virus researchers were able to crack the private key after in-depth cryptographic analysis. The author of Gpcode has taken two years to improve the virus: the previous errors have been fixed and the key has been lengthened to 1024 bits instead of 660 bits.

At the time of writing, Kaspersky Lab is unable to decrypt files encrypted by Gpcode.ak since the key is 1024 bits long. Thus, the only way currently to decrypt the encrypted files is to use the private key which only the author has available at a fee.