|
|
Mr Kamluk explains that 'this type of malware is very dangerous because the chances of getting your data back are very low', and is 'almost the same as permanent removal of the data from your hard drive'.
Although Kaspersky Lab 'managed to offer a few ways of recovering and even decrypting your data with our decryption tools' in 2006 and 2008, says Mr Kamluk, he warns that 'GpCode is back and it is stronger than before.'
'Unlike the previous variants, it doesn't delete files after encryption. Instead it overwrites data in the files, which makes it impossible to use data-recovery software such as PhotoRec, which we suggested during the last attack.
'Preliminary analysis showed that RSA-1024 and AES-256 are used as crypto-algorithms. The malware encrypts only part of the file, starting from the first byte', explains Mr Kamluk, who says that efforts to help retrieve encrypted data has commenced, with news updates to come, and advice on what to do if already infected.
Given that all of your data, documents, music, videos, databases, photos and other personal information is rapidly being encrypted, the advice to turn your PC off as quickly as possible, even if by pulling out the power cord from a desktop computer or holding down the power button on a laptop until it reboots so you can immediately turn it off.
This is done if you see a ransom message demanding silence and money to decrypt your files, or they will (supposedly) be deleted within X number of days, with the message appearing as a pop-up notepad window with text, or as a white desktop background with text again demanding silence, and money to be wired transferred.
Continued on page two, please read on!
