“Kaspersky’s new ransomware discovery: your money or your data!”

---

Kaspersky’s new ransomware discovery: your money or your data! Posted: 01 Dec 2010 06:22 AM PST By Alex Zaharov-Reutt Wednesday, 01 December 2010 23:53 Your IT - Home IT Page 1 of 2 Ransomware is back with a vengeance, with security company Kaspersky Lab discovering a new and much more powerful variant of the GpCode ransomware, which now not only encrypts your data, but also overwrites it, dramatically complicating the chance of data recovery and upping the ante in the ever more sophisticated cyber criminal world. On the day I returned from a 3-day "international press tour" to Kaspersky Lab headquarters in Moscow, with a report on that event still to follow (and an interview with Kaspersky Lab CEO and co-founder, Eugene Kaspersky already published), Kaspersky Lab is in the news for having discovered a new 2010 variant of the previous GpCode ransomware that first appeared in 2004, but this time with much stronger capabilities, according to Kaspersky Lab expert Vitaly Kamluk and announced on November 29th. Mr Kamluk explains that "this type of malware is very dangerous because the chances of getting your data back are very low", and is "almost the same as permanent removal of the data from your hard drive". Although Kaspersky Lab "managed to offer a few ways of recovering and even decrypting your data with our decryption tools" in 2006 and 2008, says Mr Kamluk, he warns that "GpCode is back and it is stronger than before." "Unlike the previous variants, it doesn't delete files after encryption. Instead it overwrites data in the files, which makes it impossible to use data-recovery software such as PhotoRec, which we suggested during the last attack. "Preliminary analysis showed that RSA-1024 and AES-256 are used as crypto-algorithms. The malware encrypts only part of the file, starting from the first byte", explains Mr Kamluk, who says that efforts to help retrieve encrypted data has commenced, with news updates to come, and advice on what to do if already infected. Given that all of your data, documents, music, videos, databases, photos and other personal information is rapidly being encrypted, the advice to turn your PC off as quickly as possible, even if by pulling out the power cord from a desktop computer or holding down the power button on a laptop until it reboots so you can immediately turn it off. This is done if you see a ransom message demanding silence and money to decrypt your files, or they will (supposedly) be deleted within X number of days, with the message appearing as a pop-up notepad window with text, or as a white desktop background with text again demanding silence, and money to be wired transferred. Continued on page two, please read on! This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php Five Filters featured article: Beyond Hiroshima - The Non-Reporting of Falluja's Cancer Catastrophe.

You are subscribed to email updates from Content Keyword RSS To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google Inc., 20 West Kinzie, Chicago IL USA 60610