Home Your IT Home IT Kaspersky's new ransomware discovery: your money or your data!

 

Ransomware is back with a vengeance, with security company Kaspersky Lab discovering a new and much more powerful variant of the GpCode ransomware, which now not only encrypts your data, but also overwrites it, dramatically complicating the chance of data recovery and upping the ante in the ever more sophisticated cyber criminal world.

On the day I returned from a 3-day 'international press tour' to Kaspersky Lab headquarters in Moscow, with a report on that event still to follow (and an interview with Kaspersky Lab CEO and co-founder, Eugene Kaspersky already published), Kaspersky Lab is in the news for having discovered a new 2010 variant of the previous GpCode ransomware that first appeared in 2004, but this time with much stronger capabilities, according to Kaspersky Lab expert Vitaly Kamluk and announced on November 29th.

Mr Kamluk explains that 'this type of malware is very dangerous because the chances of getting your data back are very low', and is 'almost the same as permanent removal of the data from your hard drive'.

Although Kaspersky Lab 'managed to offer a few ways of recovering and even decrypting your data with our decryption tools' in 2006 and 2008, says Mr Kamluk, he warns that 'GpCode is back and it is stronger than before.'

'Unlike the previous variants, it doesn't delete files after encryption. Instead it overwrites data in the files, which makes it impossible to use data-recovery software such as PhotoRec, which we suggested during the last attack.

'Preliminary analysis showed that RSA-1024 and AES-256 are used as crypto-algorithms. The malware encrypts only part of the file, starting from the first byte', explains Mr Kamluk, who says that efforts to help retrieve encrypted data has commenced, with news updates to come, and advice on what to do if already infected.

Given that all of your data, documents, music, videos, databases, photos and other personal information is rapidly being encrypted, the advice to turn your PC off as quickly as possible, even if by pulling out the power cord from a desktop computer or holding down the power button on a laptop until it reboots so you can immediately turn it off.

This is done if you see a ransom message demanding silence and money to decrypt your files, or they will (supposedly) be deleted within X number of days, with the message appearing as a pop-up notepad window with text, or as a white desktop background with text again demanding silence, and money to be wired transferred.

Continued on page two, please read on!

FREE WHITEPAPER - RISKS OF MOVING DATABASES TO VMWARE

VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!

DOWNLOAD!

Alex Zaharov-Reutt

joomla counter

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, including stints as presenter of Ch 10’s Internet Bright Ideas, Ch 7’s Room for Improvement and tech expert on Ch 9’s Today Show, among many other news and current affairs programs.

Connect