Dear reader,
As you have already noticed, we were not active for a few days. Some of you may also have noticed that we were absent during the period of the highest tension between Russia and Georgia. Yes, our company is running some projects there, on the territory of the conflict. Some day we will probably write about this experience. Now I just want to express my sympathy to innocent civilians. They are hostages of imperial ambitions. They were sacrificed to the gas pipe and oil price, to sharks of politics and business. It is always painful when two sides of the conflict are using guns instead of brains.
Let us turn back to our item – viruses. A few days ago Kaspersky Lab published a report about a new version of an old Trojan that encrypts files on your computer. The new version of Gpcode encrypts files with AES-256.
Later update: Kaspersky's analysis shows that the Trojan uses 3DES and not AES. I doubt that this will comfort the victim.
This virus also changes the computer desktop, adding an image that says "your files were encrypted, see crypted.txt for more information". When you open this file you see the URL of a webpage in Russian saying that all files are encrypted with AES-256, that the key is unique for every computer, and that a brute-force attack is useless. You are then offered the key for $10.
Kaspersky Lab strongly recommends not paying. It is funny that they do not offer any protection. They acknowledge that decryption without the key is impossible. But there is some chance to restore your files even without a key. To encrypt a file, this Trojan first makes a copy of it, encrypts the copy and then deletes the original file. It is possible to recover the deleted files if the changes on the HDD since then were not significant. Kaspersky suggests trying to recover the files using any suitable software.
One of the best tools, in their opinion, is PhotoRec, a free and powerful recovery tool.
The virus targets the Russian segment of the internet. Our risk is minor; however, if your desktop shows a picture like this – do not restart the computer, call Kaspersky (stopgpcode at kaspersky dot com) and pray.
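To show why recovery can work after the copy, encrypt and delete sequence, and why it fails once the freed sectors are reused, here is an added Python example (not code from Kaspersky, PhotoRec or this post). It is a simplified signature-based carver run over a constructed disk image; the names `carve_jpegs` and `build_image` and all sample bytes are made up for the illustration.

```python
# Added example: simplified signature-based carving over a constructed raw image.
# Real recovery tools handle many formats and fragmented files; this handles one case.
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first marker byte
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker
SECTOR = 512

def carve_jpegs(image: bytes, max_size: int = 10 * 1024 * 1024) -> list[bytes]:
    """Return byte runs that start with SOI on a sector boundary and end at the next EOI."""
    found, pos = [], 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            return found
        if start % SECTOR != 0:
            pos = start + 1  # files begin on sector boundaries; skip stray matches
            continue
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            pos = start + 1  # header without a footer: truncated or overwritten
            continue
        found.append(image[start:end + len(JPEG_EOI)])
        pos = end + len(JPEG_EOI)

def sector(data: bytes) -> bytes:
    """Pad data with zeros to a whole number of sectors."""
    return data + b"\x00" * (-len(data) % SECTOR)

# Constructed sample data (hypothetical, not a real photo or real ciphertext).
ORIGINAL = JPEG_SOI + b"\xe0" + b"constructed sample photo data" + JPEG_EOI
ENCRYPTED_COPY = bytes(b ^ 0x5A for b in ORIGINAL)  # stand-in for the encrypted copy

def build_image(original_overwritten: bool) -> bytes:
    """Disk after the Trojan ran: metadata, the freed sector, then the encrypted copy."""
    freed = b"\x00" * SECTOR if original_overwritten else sector(ORIGINAL)
    return sector(b"FS-METADATA") + freed + sector(ENCRYPTED_COPY)

if __name__ == "__main__":
    print("untouched disk :", carve_jpegs(build_image(False)))
    print("sector reused  :", carve_jpegs(build_image(True)))
```

The carver never looks at the file system, so the deleted original is found as long as its sectors still hold the old bytes; once they are reused, only the encrypted copy remains and nothing is recovered.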
Frankly speaking, if I were you, I would rather pay 10 bucks for a key.



