Affected users find a "README" file directing them to contact a specific email address for details on purchasing a "decryption tool" in order to recover their files. Sometimes the additional threat of publicizing confidential information is included in this ransom note.
However, because of a flaw in this version, it is currently possible to recover the encrypted files. Gpcode makes a copy of each file before encrypting it, and then deletes that copy. Because the copy is deleted rather than wiped, its contents remain on disk and can be recovered with file-recovery software, which is widely available in both free and commercial offerings. Affected users should avoid rebooting their computers, and should not use them for anything else until they have recovered their files; this limits the risk of the deleted data being overwritten by other processes. This method of recovery is a temporary workaround at best: it has been widely publicized on security forums, and it is only a matter of time before the virus authors add a step that wipes the deleted files from the disk.
It is unclear exactly how this virus spreads, but the vast majority of malware infections come directly from spam email or from rogue web sites to which spam directs users. Minimizing one's risk of exposure to this virus therefore means taking the normal precautions against any malware: keeping virus scanners and spam filters up to date, and having a clearly communicated policy about not following links in unsolicited emails (spam).
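A read-only triage check, added here as an example and not part of the original article: it flags README files that carry the markers described above (a contact e-mail address plus wording about buying a "decryption tool") so an administrator can list affected directories without writing to the disk, which matters because the recovery method above depends on deleted data not being overwritten. File paths, note text and e-mail addresses are constructed samples, not real indicators.

```python
import os
import re

# Markers of the note described above: the file is named README, it carries a
# contact e-mail address, and it talks about purchasing a decryption tool.
NOTE_NAME = re.compile(r"^readme", re.IGNORECASE)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
KEYWORDS = ("decrypt", "purchase", "buy", "contact")


def looks_like_ransom_note(text: str) -> bool:
    """True when the text names an e-mail address and at least two sales/decryption words."""
    lower = text.lower()
    return bool(EMAIL.search(text)) and sum(k in lower for k in KEYWORDS) >= 2


def scan_entries(entries):
    """Classify (path, text) pairs; return [(path, contact e-mail)] for candidate notes."""
    hits = []
    for path, text in entries:
        if NOTE_NAME.match(os.path.basename(path)) and looks_like_ransom_note(text):
            hits.append((path, EMAIL.search(text).group(0)))
    return hits


def walk_entries(root):
    """Read-only generator over README-like files under root (first 4 KiB of each).
    Reading allocates no disk blocks, so it does not endanger the deleted copies."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if NOTE_NAME.match(name):
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "r", errors="replace") as fh:
                        yield path, fh.read(4096)
                except OSError:
                    continue


# Constructed samples (hypothetical paths and addresses) for a stand-alone run.
SAMPLE_ENTRIES = [
    ("C:/Users/alice/Documents/README.txt",
     "Your files are encrypted. To purchase the decryption tool contact us at "
     "example@example.invalid. Confidential data will be published otherwise."),
    ("C:/src/project/README.md", "Project notes. Build with make."),
    ("C:/Users/alice/notes.txt", "contact bob@example.invalid to buy the decryption tool"),
]


def demo():
    """Run the classifier over the constructed samples; only the first entry should match."""
    return scan_entries(SAMPLE_ENTRIES)
```

On a live machine, call `scan_entries(walk_entries("C:/"))` from a shell that writes nothing to the affected volume.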
Christopher is an Information Security Consultant. You are welcome to reproduce this article on a computer-security-related web site, as long as you reproduce the article in full, including this resource box and the link to our website.