Kaspersky Lab is warning that a new variant of a previous virus attack is under way, and those who fall victim will find their computer files held for ransom.According to a recent bulletin from antivirus software maker Kaspersky, a new variant of Gpcode, Gpcode.ak, is on the loose. This hunk of malicious code will encrypt a wide range of files -- DOC, TXT, PDF, XLS, images, and other file types -- and then demand a "ransom" payment for the key necessary to decrypt the files.
However, although we detect the virus itself, we can't currently decrypt files encrypted by Gpcode.ak -- the RSA encryption implemented in the malware uses a very strong, 1,024-bit key.
The RSA encryption algorithm uses two keys: a public key and a private key. Messages can be encrypted using the public key, but can only be decrypted using the private key. And this is how Gpcode works: it encrypts files on victim machines using the public key that is coded into its body. Once encrypted, files can only be decrypted by someone who has the private key -- in this case, the author or the owner of the malicious program.
Unfortunately, while the company can detect all known versions of Gpcode, Kaspersky says it doesn't have any information about how users are getting infected.
A couple of years ago, Gpcode had relied on a much lighter 660-bit key, and Kaspersky was able to decrypt infected files. That's unlikely to be the case with the stronger 1,024-bit key.
The good news is that, so far, antivirus companies don't seem to be sounding the alarm, which means this virus isn't spreading rapidly.