Gpcode: the return of the file encryptor
We've detected a new variant of Gpcode – a dangerous file-encryptor. It encrypts a whole variety of user files, targeting files with extensions such as DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc.
Once the virus has encrypted a user's files, it leaves the following text message along with the files it has encrypted:
"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor."
In this case, try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine.
Contact us by email stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well everything you did on the computer in the 5 minutes before the machine was infected:
• which programs you have executed,
• which websites you have visited, etc.
We'll try and help you recover any data that has been encrypted.
Our analysts are continuing to analyze the virus code in search of a way of decrypting files without having the private key. In the meantime, do take extra care as you surf and read email. And if you see the above messages…do follow our instructions.