Posts Tagged ‘kaspersky’

gpcode.ak: New-gen Ransomware

June 10, 2008

This isn’t new, but worrying. A ransomware virus from over a year ago, called ‘gpcode’ has resurfaced. The new version is called ‘gpcode.ak’.

What’s interesting about this virus is that, when infection occurs, it encrypts a victim’s documents (.doc, .pdf, etc) and leaves a ransom note on the computer demanding money in return for the decryption key. The original version of this particular virus used a 660-bit asymmetric key which was eventually cracked, but this new version uses 1024-bits. The internet security company Kaspersky has stated:

“Along with antivirus companies around the world, we’re faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key.”

Obviously this is very bad news for anyone infected by gpcode.ak, but it does provide some evidence as to the strength of good cryptography. For example, in the OpenVPN guide I’m putting together, I recommend using a 2048-bit key for certificate generation. That’s 2^1024 harder to crack than a 1024-bit key and, going on Kaspersky’s calculation, it would take 15 million modern computers 2^1024 years to crack. While computers are always becoming more powerful, this sort of key strength will surely remain safe for some time to come.

There’s a good page explaining all the details of gpcode.ak here.