Home Your IT Home IT Kaspersky's new ransomware discovery: your money or your data!

Ransomware is back with a vengeance, with security company Kaspersky Lab discovering a new and much more powerful variant of the GpCode ransomware, which now not only encrypts your data, but also overwrites it, dramatically complicating the chance of data recovery and upping the ante in the ever more sophisticated cyber criminal world.

On the day I returned from a 3-day 'international press tour' to Kaspersky Lab headquarters in Moscow, with a report on that event still to follow (and an interview with Kaspersky Lab CEO and co-founder, Eugene Kaspersky already published), Kaspersky Lab is in the news for having discovered a new 2010 variant of the previous GpCode ransomware that first appeared in 2004, but this time with much stronger capabilities, according to Kaspersky Lab expert Vitaly Kamluk and announced on November 29th.

Mr Kamluk explains that 'this type of malware is very dangerous because the chances of getting your data back are very low', and is 'almost the same as permanent removal of the data from your hard drive'.

Although Kaspersky Lab 'managed to offer a few ways of recovering and even decrypting your data with our decryption tools' in 2006 and 2008, says Mr Kamluk, he warns that 'GpCode is back and it is stronger than before.'

'Unlike the previous variants, it doesn't delete files after encryption. Instead it overwrites data in the files, which makes it impossible to use data-recovery software such as PhotoRec, which we suggested during the last attack.

'Preliminary analysis showed that RSA-1024 and AES-256 are used as crypto-algorithms. The malware encrypts only part of the file, starting from the first byte', explains Mr Kamluk, who says that efforts to help retrieve encrypted data has commenced, with news updates to come, and advice on what to do if already infected.

Given that all of your data, documents, music, videos, databases, photos and other personal information is rapidly being encrypted, the advice to turn your PC off as quickly as possible, even if by pulling out the power cord from a desktop computer or holding down the power button on a laptop until it reboots so you can immediately turn it off.

This is done if you see a ransom message demanding silence and money to decrypt your files, or they will (supposedly) be deleted within X number of days, with the message appearing as a pop-up notepad window with text, or as a white desktop background with text again demanding silence, and money to be wired transferred.

Continued on page two, please read on!

FREE REPORT - IT MONITORING TOOLS COMPARISON

Are you looking to find the most efficient IT Monitoring tool available?

IT Monitoring is an essential part of the operations of any organisation with a significant network architecture.

Multiple IT monitoring platforms are available on the market today, supporting the various needs of small, medium-sized, and large enterprises, as well as managed service providers (MSPs).

This new report studies and compares eight different IT monitoring products in terms of functionality, operations, and usability on the same server platform with 100 end devices.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

Download your free report to find out.

DOWNLOAD!

Alex Zaharov-Reutt

joomla counter

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, including stints as presenter of Ch 10’s Internet Bright Ideas, Ch 7’s Room for Improvement and tech expert on Ch 9’s Today Show, among many other news and current affairs programs.

Connect