Home Your IT Home IT Kaspersky's new ransomware discovery: your money or your data!
Get all your tech news delivered to your mail box five days a week
iTWire UPDATE - it's FREE!


Ransomware is back with a vengeance, with security company Kaspersky Lab discovering a new and much more powerful variant of the GpCode ransomware, which now not only encrypts your data, but also overwrites it, dramatically complicating the chance of data recovery and upping the ante in the ever more sophisticated cyber criminal world.

On the day I returned from a 3-day 'international press tour' to Kaspersky Lab headquarters in Moscow, with a report on that event still to follow (and an interview with Kaspersky Lab CEO and co-founder, Eugene Kaspersky already published), Kaspersky Lab is in the news for having discovered a new 2010 variant of the previous GpCode ransomware that first appeared in 2004, but this time with much stronger capabilities, according to Kaspersky Lab expert Vitaly Kamluk and announced on November 29th.

Mr Kamluk explains that 'this type of malware is very dangerous because the chances of getting your data back are very low', and is 'almost the same as permanent removal of the data from your hard drive'.

Although Kaspersky Lab 'managed to offer a few ways of recovering and even decrypting your data with our decryption tools' in 2006 and 2008, says Mr Kamluk, he warns that 'GpCode is back and it is stronger than before.'

'Unlike the previous variants, it doesn't delete files after encryption. Instead it overwrites data in the files, which makes it impossible to use data-recovery software such as PhotoRec, which we suggested during the last attack.

'Preliminary analysis showed that RSA-1024 and AES-256 are used as crypto-algorithms. The malware encrypts only part of the file, starting from the first byte', explains Mr Kamluk, who says that efforts to help retrieve encrypted data has commenced, with news updates to come, and advice on what to do if already infected.

Given that all of your data, documents, music, videos, databases, photos and other personal information is rapidly being encrypted, the advice to turn your PC off as quickly as possible, even if by pulling out the power cord from a desktop computer or holding down the power button on a laptop until it reboots so you can immediately turn it off.

This is done if you see a ransom message demanding silence and money to decrypt your files, or they will (supposedly) be deleted within X number of days, with the message appearing as a pop-up notepad window with text, or as a white desktop background with text again demanding silence, and money to be wired transferred.

Continued on page two, please read on!

OWN THE FUTURE OF SOFTWARE

Tomorrow, 26 August we’re delivering a FREE day of high-impact content to give you the know-how to lead in the App Economy. Please don’t be sorry you missed it.

• Keynotes on how software is rewriting businesses the world over, including our own backyard

• View code level details with context and repair problems quickly

• Fix problems in minutes before they wreak havoc

• Streams covering DevOps, Security and Management Cloud from pioneers at the coalface.

Register Now - it's FREE!

CLICK TO REGISTER!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

Alex Zaharov-Reutt

joomla counter

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, including stints as presenter of Ch 10’s Internet Bright Ideas, Ch 7’s Room for Improvement and tech expert on Ch 9’s Today Show, among many other news and current affairs programs.

Connect