Blackmailing Trojan encrypts hard-drive

Kaspersky Lab asks for help cracking it
Wednesday, 11 June 2008, 09:06

KASPERSKY Lab has asked the world, plus dog, to help it crack the key to a Trojan that encrypts your hard drive and then demands cash for the key.

Gpcode has been used in isolated "ransomware" attacks for the last two years. The latest version encrypts all .bak, .doc, .jpg and .pdf files and deletes the originals. It then erases itself after leaving a message about where to buy a decryption tool.

Kaspersky said that the files the malware encrypted cannot be decrypted because it uses a very strong 1024-bit key.

The insecurity outfit estimates it would take around 15 million modern computers, running for about a year, to crack such a key.

The company has broken Gpcode's encryption keys in the past, but that was only because the malware's maker had made mistakes implementing the encryption algorithm.
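The behaviour the article describes, one process encrypting the user's .bak, .doc, .jpg and .pdf files, deleting the originals and dropping a message, is the kind of burst a file-activity monitor can flag. The detector below is an added example written for this page, not code from the article or from Kaspersky; the log format, the process IDs, the ".enc" suffix on the written files and the note's file name are all constructed assumptions.

```python
import os
import re
from collections import defaultdict
from datetime import datetime

TARGET_EXTS = {".bak", ".doc", ".jpg", ".pdf"}   # the file types the article lists
LINE_RE = re.compile(r"^(\S+ \S+) pid=(\d+) op=(\w+) path=(.+)$")

# Constructed file-activity log in a hypothetical format. pid 4242 writes a new
# file beside each document and then deletes the original (the ".enc" suffix and
# the note name are assumptions for this example); pid 900 is an ordinary editor.
SAMPLE_LOG = """\
2008-06-11 09:00:05 pid=4242 op=write path=C:\\docs\\report.doc.enc
2008-06-11 09:00:05 pid=4242 op=delete path=C:\\docs\\report.doc
2008-06-11 09:00:06 pid=4242 op=write path=C:\\docs\\scan.pdf.enc
2008-06-11 09:00:06 pid=4242 op=delete path=C:\\docs\\scan.pdf
2008-06-11 09:00:07 pid=4242 op=write path=C:\\pics\\holiday.jpg.enc
2008-06-11 09:00:07 pid=4242 op=delete path=C:\\pics\\holiday.jpg
2008-06-11 09:00:08 pid=4242 op=write path=C:\\backup\\db.bak.enc
2008-06-11 09:00:08 pid=4242 op=delete path=C:\\backup\\db.bak
2008-06-11 09:00:09 pid=4242 op=write path=C:\\docs\\HOW_TO_DECRYPT.txt
2008-06-11 09:30:00 pid=900 op=delete path=C:\\docs\\old.doc
"""

def parse(line):
    m = LINE_RE.match(line)                  # (timestamp, pid, op, path) or None
    if not m:
        return None
    ts, pid, op, path = m.groups()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(pid), op, path

def find_mass_delete(log, window_s=60, min_deleted=3):
    """{pid: deleted target paths} for pids that, within window_s seconds, delete
    at least min_deleted targeted files while also writing new ones."""
    by_pid = defaultdict(list)
    for line in log.splitlines():
        ev = parse(line)
        if ev:
            by_pid[ev[1]].append(ev)
    flagged = {}
    for pid, evs in by_pid.items():
        evs.sort()                           # tuples sort by timestamp first
        for i, (t0, _, _, _) in enumerate(evs):
            burst = [e for e in evs[i:] if (e[0] - t0).total_seconds() <= window_s]
            deleted = {e[3] for e in burst if e[2] == "delete"
                       and os.path.splitext(e[3])[1].lower() in TARGET_EXTS}
            if len(deleted) >= min_deleted and any(e[2] == "write" for e in burst):
                flagged[pid] = deleted
                break
    return flagged
```

A real deployment would feed this from a file-system audit source and tune the window and threshold against the host's normal churn; an editor that rewrites one document at a time never reaches the threshold.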

Comments
Terrorists!

Wouldn't it be easier to follow the money trail and then fry their gonads at Guantanamo or some other "secret" torture place until they divulge the answer?

posted by : RogerP, 11 June 2008 Complain about this comment
buy it

Is it so expensive to buy it once and then reverse engineer a free tool?

posted by : Kedas, 11 June 2008 Complain about this comment
Get a grip!

Kedas get a grip! In real life you don't have Carter from SG-1 reverse-engineering everything. It just doesn't happen.
And I thought everybody knew by now that only the world+Goua'uld use poor encryption...

posted by : Filipe, 11 June 2008 Complain about this comment
backups?

people who don't back their documents and photos up are just silly

and 

businesses that don't are asking for something like this to happen!

decryption key would be good but learn from the mistakes of yourself and other people!

posted by : Simon, 11 June 2008 Complain about this comment
distributed computing

haven't they ever heard of distributed computing?

Crack that sucker and we'll do the first comment too.

posted by : Bryan, 11 June 2008 Complain about this comment
Deleted File Recovery?

surely if it 'deletes the originals' you could use a cheap file recovery tool to just get them back, assuming that the trojan doesn't have some special multi-pass-wipe utility to delete the files. . . . that would be sneaky

posted by : Jamie Walker, 11 June 2008 Complain about this comment
uhhh

I'm assuming then it 'securely' deletes the files? Easiest thing would be to just recover the files. http://www.pcinspector.de 

Also, wouldn't the bot herder just update the key and set them back a year? (you've been infected with key #192012, please send virgins) I mean if we give kaspersky the ability to easily crack "good keys" isn't THAT also a problem? Besides, Kaspersky are security specialists, can't they run this trojan on a box and copy the virus from memory if they need a copy of the virus? Or run ethereal for f...s sake? I agree, follow the money. Imagine this on a massive scale.... spooky. Hell it could encrypt your whole hdd in the background... then flash your bios wrong if you don't pay within 30 days.... maybe it really is time to do all network related stuff from a virtual-sandboxed system.

posted by : Bounty, 11 June 2008 Complain about this comment
Hunt'em down

I like RogerP's idea. It's much more fun to hunt them down and oh say, encrypt their hands with a hammer (makes coding difficult). BTW I just happen to have a hammer!

posted by : Vinster, 11 June 2008 Complain about this comment
Ummm

"The latest version encrypts all .bak, .doc, .jpg and .pdf "

Hmm, so mp3, avi, mpeg, ogg, divx, exe, sys, com, dll, ini, dat, etc are all fine?

WTF cares? Back up your text and pics, problem solved. Next please.

posted by : snuke, 11 June 2008 Complain about this comment
Contact these guys

http://arstechnica.com/news.ars/post/20070523-researchers-307-digit-key-crack-endangers-1024-bit-rsa.html

posted by : Crunch, 11 June 2008 Complain about this comment
No.

Kedas: That would work if the black hats were really, really stupid. But if they encrypt your HD with a unique key then all they sell you is the unique decryption key for your system.

RogerP is right. Follow the money. Of course, the FBI has more important things to do. Like collecting data on *everyone*.

This is no different than a HD crash. Just reload your backups and go.

You *do* have backups, Right???

posted by : Guy Gordon, 11 June 2008 Complain about this comment
Not that simple

Unless the virus author is very incompetent, the encryption key will be different for each system (probably based on things like hard drive serial number, Windows key, user name, etc.). Simply buying it once won't let people figure out how the key is generated. 

It's probably not very hard to track down the payments, though. 

I doubt this kind of virus will be very successful, anyway. Anyone with "valuable enough" files to pay a large ransom (i.e., companies) is likely to have regular backups. 

And I wonder if the original files can't simply be undeleted...

posted by : RFC3251, 11 June 2008 Complain about this comment
euh..

can't they just undelete?

:)

posted by : kevin, 11 June 2008 Complain about this comment
RE: buy it

Buy the key
Reverse engineer a tool
Get sued by malware writer under DMCA (US only, I know, but still possible)

posted by : Yogi, 11 June 2008 Complain about this comment
Need Key

" Is it so expensive to buy it ones and then reverse engineer a free tool?"

Wrong assumption... I'm not familiar with the details but they most likely used an asymmetric encryption based and encryption/decryption that works using a well known algorithm. You really need the second key.

It's amazing that with all their special powers, the law enforcement agencies of the world are incapable of tracking down where the money goes.

posted by : Shaman, 12 June 2008 Complain about this comment
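As an added illustration of the point Guy Gordon, RFC3251 and Shaman make above (example code written for this page, not from the article or any commenter): a toy hybrid scheme in which every machine gets a fresh random session key, and only that key is wrapped under one public key. The primes, the SHA-256 stream cipher and the sample plaintexts are constructed and deliberately far too small to be secure; only the shape of the key flow matters.

```python
import hashlib
import os

# Constructed toy RSA key pair, tiny so the arithmetic is visible. The public
# part (N, E) travels with the malware; the private exponent D never does.
P, Q = 1000003, 1000033
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def keystream(key, length):
    """Toy stream cipher: SHA-256(key || counter) blocks, cut to length."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_for_victim(plaintext):
    """One infection: fresh random session key, data encrypted under it, session
    key wrapped with the public key. The plain session key is discarded, so
    nothing left on the machine can undo this without D."""
    session_key = int.from_bytes(os.urandom(4), "big")      # toy size, < N
    ciphertext = xor(plaintext, keystream(session_key, len(plaintext)))
    return ciphertext, pow(session_key, E, N)

def unwrap_with_private_key(wrapped_key):
    """The one step only the holder of D can perform; this is what is sold."""
    return pow(wrapped_key, D, N)

def decrypt(ciphertext, session_key):
    return xor(ciphertext, keystream(session_key, len(ciphertext)))

def key_reuse_works(victim_a, victim_b):
    """Does the session key bought for victim A also open victim B's data?
    Returns (a_ok, b_ok); with per-victim keys the second is always False."""
    ct_a, wrapped_a = encrypt_for_victim(victim_a)
    ct_b, _ = encrypt_for_victim(victim_b)
    bought = unwrap_with_private_key(wrapped_a)
    return decrypt(ct_a, bought) == victim_a, decrypt(ct_b, bought) == victim_b
```

Buying once and reverse engineering the tool therefore yields one session key, not D; recovering D from the public key carried by the sample is exactly the 1024-bit factoring problem the article puts at 15 million machine-years.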
Perfect timing!

Maybe the US military could lend them Roadrunner for a weekend or two...?

posted by : McBalaban, 12 June 2008 Complain about this comment
Time for regular imaging!

You know, this kind of thing is going to become more and more prevalent. I'd strongly urge people to image their hard drives on a regular basis. There is even a FREE great product called Macrium Reflect (http://www.macrium.com/ReflectFree.asp) that will do the trick for you on a scheduled basis. I personally have used Acronis TI for years but now there are so many bugs with it that I have divorced her for Macrium. Seems to do the job and is much faster than TI. It is brutal that ransomware is going to be taking fools by storm but hopefully you can restore an image on an encrypted drive...I suppose before I spout off I should find that out eh? Oh well, back up your machine anyhow...just do it! It will save your butt someday.

posted by : Drew, 12 June 2008 Complain about this comment