Gpcode.ak, as Kaspersky calls it, encrypts files on an infected machine using RSA encryption with a public key embedded in the malware itself. These encrypted files can only be decrypted with the private 1024-bit key, which in this case is in the possession of the author or owner of Gpcode. It's estimated that cracking that key would take 15 million modern computers running for about a year.
Kaspersky recommends enabling all anti-malware components installed on the system, since it is unclear at the moment how the virus spreads.
If the following picture appears on the screen, the system may have been infected with Gpcode:

In those cases users are advised to keep their systems on and contact Kaspersky (stopgpcode@kaspersky.com) from a clean system, giving details about the infection: the exact time and date the system was infected and what was done during the last 5 minutes before the infection (what programs were run, what websites were visited, etc.).
To keep people up to date on the situation, Kaspersky has set up a dedicated forum.