New Gpcode (encryption) ransomware speading via botnet

August 13, 2008 – 12:43 PM

There are confirmed reports on a new version of the Gpcode ransomware being spread via a botnet.

According to Vitaly Kamluk of Kaspersky Lab (my employer), the Trojan encrypts files on an infected machine (AES-256) and leaves a text file named crypted.txt with a ransom note demanding $10 to decrypt the files. It also changes the desktop wallpaper with a skull/crossbones image that contains a URL, an ICQ number and an e-mail address to contact the author.

Source:
http://blogs.zdnet.com/security/?p=1689

Related posts:

• Recovering from the Encryption Virus
• Encryption: 1024 bits are not enough
• Malicious Botnet Stole Bank, Credit Union Credentials
• New Massive Botnet Twice the Size of Storm
• Cryogenically frozen RAM bypasses all disk encryption methods