Kaspersky comes with a catch

Kaspersky Lab has published advice on recovering files encrypted by the frightening Gpcode.ak virus, but there is a big catch — users must not have turned off their PC first.

A new variant of the malware struck last week, scrambling a variety of files on victims’ PCs using a very strong 1,024-bit RSA encryption key that has so far confounded attempts to crack it. Its creators demand a ransom for the unlock key.

While victims of the malware will be grateful to have any method to recover files, this technique is fraught with problems for the non-technical. Ideally, users need to have a second, and therefore clean, computer with which to download a GPL-licensed utility, Photorec, to start the process.

The biggest barrier of all, however, is that users must employ the recovery utility without having turned off or rebooted their PC after the infection was first noticed, a fact that will probably reduce the number of people able to use the method to a small percentage.

A reboot tends to be the first thing users try when hit by malware, but this risks changing the data on the hard disk, overwriting areas used by a file created by the virus writers when initially encrypting a victim’s files — it is this small mistake that has made the recovery possible in the first place.

Although Photorec is reported to be able to recover files successfully under these conditions, users need to use a separate utility from Kaspersky to relate those files to their real file names and original directory structure. All in all, the method adds up to a pretty steep crash course in the technical side of a Windows PC.

Meanwhile, a full cure for Gpcode appears no nearer, with Kaspersky admitting it still hasn’t discovered the key with which to unlock files the easy way. But even if the company managed to recover the key, there is nothing to stop the attackers releasing a variant using a new key.

CDN Staff