Ransomware holds your computer files for ransom - Canadian TV, Computing and Home Theatre Forums

post #1 of 6 (permalink) Old 2008-06-11, 04:10 PM Thread Starter
Member #1
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
Ransomware holds your computer files for ransom

Internet Security firm Kaspersky Lab has issued a warning to Windows users of a malicious piece of malware that holds its victims' computer files for ransom.

Okay this scares the living bejeebers out of me. I am now adding extra backups that are not on my network in case this thing finds my computer and network!
hugh is offline  
post #2 of 6 (permalink) Old 2008-06-11, 09:11 PM
Join Date: May 2008
Posts: 9
Thanks for posting that mate, I'm doing a complete backup the second I log out of here!
GTCameras is offline  
post #3 of 6 (permalink) Old 2008-06-19, 01:31 PM
Join Date: Dec 2005
Location: Kitchener, ON
Posts: 205
IronCatt is offline  
post #4 of 6 (permalink) Old 2008-06-19, 02:01 PM
Premium Supporter
Join Date: May 2003
Location: Ottawa (Orleans), ON
Posts: 9,102
"ransom malware" - unbelievable. Find the idiot responsible, lock him up and throw away the key...
eljay is offline  
post #5 of 6 (permalink) Old 2008-06-19, 02:04 PM Thread Starter
Member #1
Join Date: Dec 2001
Location: Toronto
Posts: 47,716
From Kaspersky Lab. Links to StopGpcode can be found on this linked page.

Kaspersky Lab, a leading developer of secure content management systems, is now able to provide users with instruction on how to recover files attacked by the Gpcode.ak virus. As reported earlier, decrypting files encrypted by Gpcode.ak without the private key is not, as yet, possible. However, a method for recovering encrypted files has been identified.

The method makes use of the fact that before encrypting a file, Gpcode.ak creates a new file (which contains encrypted data from the original file) ‘next to’ the file it encrypts. Once encryption of a file is complete, the virus deletes the original file.

It is well-known that deleted files can be recovered if the data on the hard drive has not been significantly modified. This is why, from the start, Kaspersky Lab's advice to users whose computers were attacked by Gpcode.ak has been to contact the company’s virus experts without rebooting the infected computer. Users who have contacted us have been advised to use various file recovery utilities. Unfortunately, most such utilities are distributed under shareware licenses. Kaspersky Lab analysts have searched for the most effective and accessible of such utilities to help users recover the files deleted by Gpcode.ak. The free PhotoRec utility, developed by Christophe Grenier and distributed under a GPL license, turned out to be just such a solution.

Originally, the utility was developed for the recovery of graphics files (hence its name, PhotoRec, which is short for Photo Recovery). Later, its functionality was extended and it can now be used to recover Microsoft Office documents, executable files, PDF and TXT documents, as well as file archives in a variety of formats (view list of formats).

The PhotoRec utility is supplied with the latest version of the TestDisk package (ZIP file, 1.43 MB).

The PhotoRec utility performs the function of recovering files on a selected partition remarkably well. However, restoring the exact file names and paths remains a problem. To address this issue, Kaspersky Lab has developed a small free utility, StopGpcode (ZIP file, 71.2 KB), which restores original file names and the full paths of the files recovered.

Kaspersky Lab suggests that users who have suffered from the Gpcode.ak virus donate to the author of the PhotoRec utility rather than pay cybercriminals.

Detailed instructions on manually recovering files with the help of PhotoRec and StopGpcode utilities have been added to the Gpcode.ak description.
hugh is offline  
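
The recovery approach described in the post above relies on deleted data still sitting in unallocated space. As an added illustration (not code from Kaspersky Lab, PhotoRec or the original post), this sketch carves files by header and footer signature from a constructed raw image and shows why the original names and paths are lost; the function names and the sample image are hypothetical.

```python
# Added example: signature-based carving over a constructed raw image.
# All names here (carve, build_sample_image, SIGNATURES) are hypothetical.

# (extension, header magic, footer magic) for two common formats
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("pdf", b"%PDF-", b"%%EOF"),
]
MAX_SIZE = 1 << 20  # abandon a candidate with no footer within 1 MiB


def carve(image: bytes):
    """Return sorted [(offset, ext, data)] for each header/footer pair."""
    found = []
    for ext, head, foot in SIGNATURES:
        pos = image.find(head)
        while pos != -1:
            end = image.find(foot, pos + len(head), pos + MAX_SIZE)
            if end == -1:  # footer overwritten: content not recoverable
                pos = image.find(head, pos + 1)
                continue
            end += len(foot)
            found.append((pos, ext, image[pos:end]))
            pos = image.find(head, end)
    return sorted(found)


def carved_names(results):
    """Carving sees no directory entries, so names derive from offsets."""
    return [f"f{offset:07d}.{ext}" for offset, ext, _ in results]


def build_sample_image():
    """Constructed stand-in for a partition after the originals were deleted."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-pixels" + b"\xff\xd9"
    pdf = b"%PDF-1.4\nsample report body\n%%EOF"
    # Opaque filler standing in for the encrypted copy written next to them
    encrypted = bytes((i * 7 + 3) % 256 for i in range(256))
    slack = b"\x00" * 512
    return slack + jpg + slack + encrypted + slack + pdf + slack, jpg, pdf


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    print(carved_names(carve(image)))
```

The carved files come back with offset-based names only, which is the gap a name-restoring step has to fill; a file whose footer has been overwritten is skipped, which is why continued writes to the disk reduce what can be recovered.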
post #6 of 6 (permalink) Old 2008-06-19, 10:56 PM
Join Date: Oct 2005
Location: Mississauga
Posts: 1,986
That PhotoRec utility looks like it can be a handy tool to have around - thanks for the added info, hugh.
Tezster is offline  
