Epidemic of the GPCode virus in Russia has entered a new stage of development
Kaspersky Lab warns of a new outbreak of the GPCode virus epidemic in Russia. The new version of the virus, GPCode.af, differs from the previous one by a much more robust key used to encrypt data.
The GPCode family is widely known for its malicious activity aimed at receiving money from owners of infected computers by blackmail. After entering the system, the virus encrypts files with extensions .doc, .xls, .txt, .zip and others, which may contain the information the user needs, using the RSA algorithm. It is worth mentioning that when encrypting data, GPCode.af uses a much more robust key than its predecessor. In all folders where the encrypted files are located, the virus leaves a text file Readme.txt, which contains a proposal to write a letter to the malefactor’s email address and then pay some amount of money to get the decryption algorithm.
Sadly, Kaspersky Lab still does not have accurate information about how the virus spreads, because after it penetrates the system and encrypts user information, the virus self-destructs. In this regard, Kaspersky Lab virus analysts recommend that users take the measures necessary to enhance protection: do not open emails from unknown recipients with suspicious attachments, install all critical updates for the operating system and Internet browser, regularly update the anti-virus database and back up data of information value.
The GPCode family is widely known for its malicious activity aimed at receiving money from owners of infected computers by blackmail. After entering the system, the virus encrypts files with extensions .doc, .xls, .txt, .zip and others, which may contain the information the user needs, using the RSA algorithm. It is worth mentioning that when encrypting data, GPCode.af uses a much more robust key than its predecessor. In all folders where the encrypted files are located, the virus leaves a text file Readme.txt, which contains a proposal to write a letter to the malefactor’s email address and then pay some amount of money to get the decryption algorithm.
Sadly, Kaspersky Lab still does not have accurate information about how the virus spreads, because after it penetrates the system and encrypts user information, the virus self-destructs. In this regard, Kaspersky Lab virus analysts recommend that users take the measures necessary to enhance protection: do not open emails from unknown recipients with suspicious attachments, install all critical updates for the operating system and Internet browser, regularly update the anti-virus database and back up data of information value.
')
Source: https://habr.com/ru/post/1434/
All Articles