New virus variant uses extortion techniques…

Malware developers are getting more and more original. This time Kaspersky Lab has found a virus that encrypts the personal files on the victim's computer, making them inaccessible unless the victim pays for the software that will decrypt them and thereby regains access to those files. As its cryptographic algorithm the virus uses RSA with a 1024-bit private key, which so far makes it practically impossible to recover the “kidnapped” files without paying the “ransom”.

Quoting the news source:

Kaspersky Lab found that a new variant of Gpcode, a dangerous encryptor virus, has appeared: Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with various extensions including, but not limited to, .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more using an RSA encryption algorithm with a 1024-bit key.

Kaspersky Lab succeeded in thwarting previous variants of Gpcode when Kaspersky virus analysts were able to crack the private key after in-depth cryptographic analysis. Their researchers have to date been able to crack keys up to 660 bits. This was the result of a detailed analysis of the RSA algorithm implementation. It has been estimated that if the encryption algorithm is implemented correctly, it would take 1 PC with a 2.2 GHz processor around 30 years to crack a 660-bit key.

At the time of writing, Kaspersky researchers are unable to decrypt files encrypted by Gpcode.ak since the key is 1024 bits long and they have not found any errors in implementation yet. Thus, at the time of writing, the only way to decrypt the encrypted files is to use the private key which only the author has.

After Gpcode.ak encrypts files on the victim machine it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor.
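The two on-disk indicators named in the quote above (the `._CRYPT` extension and the `!_READ_ME_!.txt` note in the same folder) are enough for a first triage pass over a file share or a restored backup. The following is an added example, not part of the original post or of Kaspersky's material; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the quoted description of Gpcode.ak.
ENCRYPTED_SUFFIX = "._CRYPT"
RANSOM_NOTE = "!_READ_ME_!.txt"


def scan_tree(root):
    """Walk root and return {folder: {"note": bool, "encrypted": [names]}}
    for every folder holding at least one Gpcode.ak indicator."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                hits[folder]["note"] = True
            elif lower.endswith(ENCRYPTED_SUFFIX.lower()):
                hits[folder]["encrypted"].append(name)
    return dict(hits)


def classify(entry):
    """Both indicators together are a strong match; one alone needs review."""
    if entry["note"] and entry["encrypted"]:
        return "likely-gpcode"
    return "review"


def demo():
    """Build a constructed sample tree and return {relative folder: verdict}."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed file names, for illustration only
            "docs": ["report._CRYPT", "notes._CRYPT", RANSOM_NOTE],
            "pics": ["photo._CRYPT"],   # suffix only, no note
            "clean": ["budget.xls"],    # untouched folder
        }
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        return {os.path.relpath(f, root): classify(e)
                for f, e in scan_tree(root).items()}


if __name__ == "__main__":
    for folder, verdict in sorted(demo().items()):
        print(folder, verdict)
```

Folders reported as `likely-gpcode` are the ones to restore from backup first; `review` folders carry only one of the two indicators and need a manual look.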


 
 
 
