Kapersky labs has given up their unrealistic tentative to guess the key used by Gpcode (see blog entry from 10th June). Their conclusion is that the best countermeasure is regular backup.

Nevertheless, thanks to a “common” mistake of the virus’s author, there may be some hope for careless users who did not backup. When encrypting the file, the virus creates a new files that it renames with the expected extension and then deletes the original file. The deletion is not secure. It is common knowledge (at least in the security community) that a simple deletion does not erase the file. It mainly erases the fields in the file system’s indexing tables. Thus, if the data are on the hard disk as long as they are not be overwritten by a new file. If there was not too much activity on the hard drive, typical recovery tools may retrieve the “deleted” files. Kapersky Labs proposes such a tool from the open source community.

No doubt that the author of the virus will add a secure deletion in the new already announced releases of Gpcode. The author claims that he will use stronger algorithm and new keys. Secure deletion is performed by overwriting every bytes of the file to delete with random data several times before removing it. Tools exist that perform such secure erasing

Two lessons:

• Backup, backup, and backup
• Developers if you want to delete a file, use a secure procedure.

The story continues.

Dving a little bit more in the available information. Gpcode is actually using RSA 1024. Kapersky labs have extracted the public keys. The virus uses two public keys depending on the version of the Operating System. The virus calls Microsoft cryptographic library.

Having the public key is useless. Kapersky labs is calling for the help of crypto community to help to crack the private key. In other words, they launch their own RSA-1024 challenge (See RSA number challenges that apply only to factorization). This is illusory. It would require too much power calculation (else it would have been decided that RSA 1024 is not anymore safe). And there are two keys to crack!!!

The only effective countermeasure against Gpcode is backup your data.

Thanks Alain for the link to the blog  :Wink:

Kapersky lab, the anti-virus editor, detected a variant of virus Gpcode. It encrypts some data files on the hard disk, renames them with extension ._CRYPT, and adds a file !_README_!.txt in the folder. Then, it displays a message announcing the encryption and giving a contact mail.

The virus claims to use RSA-1024. Thus, out of the possibility of brute force attack. Pirated person should contact the pirate, pay the ransom, and he will receive a decryption tool.

This type of attack is not new. Older virus used the same technique. More dangerously, attackers penetrated enterprise network and encrypted critical data. Later asking the ransom. This type of attack is not well advertised because enterprise look for discretion (bad reputation).

Should the victim of the virus pay?

• First of all, normally if the data are carefully daily back-up, then this attack is just painful but not lethal. Would the attack notification appear several days or weeks after infection, it may be more problematic. There are many files that you do not access daily. Some people, or SOHO do their backup on rewritable storage overwriting previous backup.
• What does guarantee that after payment, the pirate will provide the decryption tool? Would you trust your tormentor?

By teh way, does the virus really use RSA 1024? May be it just brags it and implements a lesser secure one. The advantage of using asymmetric crypto is that reverse engineering the virus will not leak the key (that may not be the case with symmetric crypto). It would be “funny” if the virus would just use a XOR with a long key, or even put random data (if the pirate does expect to extort money)