Kaspersky to try to crack code used in 'blackmailer' virus

Company aims to round up experts to crack encryption code used to lock up data files on computers infected with a "ransomware"-type of virus.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

Antivirus software vendor Kaspersky is launching an international effort to try to crack the encryption used in a "blackmailer" virus that locks up data on a victim's computer.

The company announced the "Stop the Gpcode Virus" initiative Monday and extended a public invitation to all cryptography experts and other researchers, saying it has sufficient information about the virus to enable experts to begin working on factoring the RSA key.

Kaspersky also created a special forum for the effort.

Kaspersky Lab said last week that it detected a new version of the Gpcode virus, a type of ransomware that essentially holds your data hostage until you pay up. It encrypts files on the hard drive using an RSA algorithm with a 1024-bit key and leaves a message that advises the victim to buy a decryptor and provides an e-mail address to contact.

Kaspersky detects the new variant but is unable to crack the encryption key and has analysts working on that. The virus is rated a "moderate risk."

The Gpcode Virus was first detected in 2006. "Two years ago we were able to get the private key by detailed analysis of the data at our disposal," Kaspersky Lab explained in a blog posting. "However, the maximum RSA key length we've been able to 'crack' to date is 660 bits. We were able to do this as the author had made some mistakes when implementing the encryption algorithm."

The strength of the encryption grows exponentially with the number of bits in the key.

People who believe their computers have been infected with the virus are advised not to restart or power down the machines. They should send an e-mail to stopgpcode@kaspersky.com with details of the infection.

[Image: screenshot of the message that pops up when a computer is infected with the Gpcode virus. Credit: Kaspersky]