Security software firm Kaspersky Lab has reported a new and dangerous blackmailing virus.
Kaspersky Lab is alerting users about a new variant of Gpcode, a dangerous encryptor virus.
The Virus.Win32.Gpcode.ak malware encrypts users' files with various extensions, including .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more, using the RSA encryption algorithm with a 1024-bit key.
Kaspersky Lab itself added a virus signature to block Virus.Win32.Gpcode.ak earlier this week.
Kaspersky Lab says it has succeeded in thwarting previous variants of Gpcode by cracking the private key held by the attackers.
But the author of the new Gpcode variant has taken two years to improve the virus. Previous errors have been fixed and the key has been lengthened to 1024 bits instead of the original 660, which was crackable.
"At the time of writing we are unable to decrypt files encrypted by Gpcode.ak since the key is 1024 bits long, and we have not found any errors in implementation yet. So the only way to decrypt the encrypted files is to use the private key which only the author has," said Kaspersky.
After Gpcode.ak encrypts files on the victim's machine, it changes the extension of these files to ._CRYPT, and places a text file named !_READ_ME_!.txt in the same folder.
In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor:
"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com"
Kaspersky is still working on a way to recover data that has been encrypted without having to use the criminal's decryptor.
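
The two artifacts described above, files renamed to ._CRYPT and a !_READ_ME_!.txt note in the same folder, can be checked for on a disk or a mounted backup. The following Python script is an added example, not code from Kaspersky Lab or from the original article; its function names are hypothetical, it assumes the extension appears as a suffix of the file name, and its sample tree is constructed.

```python
import os
import tempfile

NOTE_NAME = "!_READ_ME_!.txt"  # ransom note file name reported in the article
CRYPT_EXT = "._CRYPT"          # extension the article says encrypted files receive


def scan_tree(root):
    """Map each folder under root that shows either artifact to what was found."""
    findings = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        # Case-insensitive match: Windows file systems do not distinguish case.
        encrypted = sorted(f for f in files if f.upper().endswith(CRYPT_EXT.upper()))
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if encrypted or has_note:
            rel = os.path.relpath(folder, root)
            findings[rel] = {"note": has_note, "encrypted": encrypted}
    return findings


def classify(entry):
    """'match' = note and renamed files in the same folder, as the article describes."""
    return "match" if entry["note"] and entry["encrypted"] else "partial"


def build_sample(root):
    """Create a constructed directory tree of empty files to scan."""
    layout = {
        "docs": ["report.doc._CRYPT", "budget.xls._CRYPT", NOTE_NAME],
        "photos": ["holiday.jpg"],    # untouched folder
        "src": ["main.cpp._crypt"],   # renamed file, no note
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, entry in sorted(scan_tree(tmp).items()):
            print(classify(entry), folder, len(entry["encrypted"]), "renamed file(s)")
```

A "partial" result (only one of the two artifacts in a folder) is weaker evidence and is worth a manual look rather than an automatic conclusion.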