New Gpcode (encryption) ransomware speading via botnet

August 13, 2008 – 12:43 PM

There are confirmed reports on a new version of the Gpcode ransomware being spread via a botnet.

According to Vitaly Kamluk of Kaspersky Lab (my employer), the Trojan encrypts files on an infected machine (AES-256) and leaves a text file named crypted.txt with a ransom note demanding $10 to decrypt the files. It also changes the desktop wallpaper with a skull/crossbones image that contains a URL, an ICQ number and an e-mail address to contact the author.


You must be logged in to post a comment.