If you ever want to see your data again, send $120 in unmarked bills…

December 3, 2010

In 2006 an infection called GpCode (AKA PGPCoder) was discovered. This infection would encrypt all of your files. It would then display a ransom note on your computer telling you that if you wanted your files back, you would have to pay a ransom. This type of infection is often referred to as ransomware. GpCode wasn’t the first infection of this type, but it is the most ruthless and widespread.

Luckily for us, when this infection encrypted your files, it wrote the encrypted version as a new copy of each file and then deleted the original. That was lucky because we could remove the infection and recover the deleted originals using data recovery techniques.

However, a new version of GpCode has been discovered. It still demands a $120 ransom for your data, but now it securely deletes files instead of using simple file deletion. That means we can’t use data recovery techniques to recover the original files. Researchers are working on a way to decrypt these files, but because it uses an RSA-1024 encryption key, it could take years. Until they break the encryption key, the only option to recover files on a computer hit by this infection is to restore from backup.
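Why the change from simple deletion to secure deletion defeats data recovery, shown as an added example that is not part of the original post. The `ToyDisk` class, its block layout and the sample document are a constructed toy model, not a real file system or anything taken from GpCode.

```python
# Toy model (constructed for illustration): a "disk" is a flat bytearray of
# fixed-size blocks plus a directory mapping file names to block numbers.
BLOCK = 32

class ToyDisk:
    def __init__(self, blocks=16):
        self.raw = bytearray(BLOCK * blocks)
        self.directory = {}               # name -> list of block numbers
        self.free = list(range(blocks))

    def write(self, name, data):
        nblocks = -(-len(data) // BLOCK)  # ceiling division
        used = [self.free.pop(0) for _ in range(nblocks)]
        for i, b in enumerate(used):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.directory[name] = used

    def delete(self, name, overwrite=False):
        # Simple deletion only forgets where the file was; the bytes stay put.
        blocks = self.directory.pop(name)
        if overwrite:
            # Secure deletion replaces the contents before releasing the blocks.
            for b in blocks:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.free.extend(blocks)

def carve(raw, header, footer):
    """Signature-based recovery: scan the raw bytes, ignoring the directory."""
    found, pos = [], 0
    while (start := raw.find(header, pos)) != -1:
        end = raw.find(footer, start)
        if end == -1:
            break
        found.append(bytes(raw[start:end + len(footer)]))
        pos = end + len(footer)
    return found

def recoverable_after_delete(overwrite):
    disk = ToyDisk()
    doc = b"%PDF-1.4 family photos and tax records (constructed sample) %%EOF"
    disk.write("report.pdf", doc)
    disk.delete("report.pdf", overwrite=overwrite)
    return carve(disk.raw, b"%PDF-", b"%%EOF") == [doc]

if __name__ == "__main__":
    print("simple delete, recoverable:", recoverable_after_delete(False))
    print("secure delete, recoverable:", recoverable_after_delete(True))
```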

To help prevent this infection from getting on your computer, please make sure you have good, up-to-date, unexpired security software. It’s also very important to back up your important files. Email, calendar, pictures, contacts, documents, music, and so forth should be backed up.

The easiest way to back up is to use an external hard drive, which can be purchased at any store that carries computer-related stuff.
