The Gpcode.ak virus strikes!

Lately there has been many accounts of machines becoming infected with the virus Gpcode.ak, a new form of an attack that surfaced a few years ago. Gpcode encrypts information on the affected computer's hard drive, plus any computers to which it has access. It leaves the original system software alone (so the machine remains useable), but encrypts the user's data files. The encryption method for the original version was cracked, making it possible for anyone to decrypt his or her private data files, but this new edition uses a 1024-bit encryption key.

Reported by Kaspersky, it would take a relatively current PC almost 30 years to break.

Users who have been infected will notice a "README" file directing them to contact a specific e-mail address for details on buying a "decryption tool" in order to recover their files. Often times the threat of airing confidential data is included in this ransom note.

However, because of a flaw in this version, it is presently possible to retrieve the encrypted files. Gpcode takes a backup of the data files before it encrypts them, and then deletes this copy. Deleted data files can be recovered using popular file-recovery program that is widely available as both free and commercial solutions. Affected users should avoid booting their PCs, and should avoid doing anything else until they've found their files. This limits the danger of the deleted data files being overwritten by other processes. This method of retrieval is a limited work-around - at best - because it has been widely discussed on the security sites, and it is only a matter of time before the computer virus authors add a step to wipe the deleted files from the hard disk.

Although many individuals report being infected with Gpcode via email or from a rogue site cited inside of e-mail spam, it is unknown how the Gpcode computer virus distributes itself.Consequently, minimizing one's risk of exposure to this virus means taking the typical safeguards against any malicious software, such as keeping antivirus software and email spam blockers up to date, and having a clearly communicated policy about not clicking on links in unsolicited e-mail.