Kaspersky Lab has discovered a new ransomware that uses 1024-bit encryption, making it very difficult for malware researchers to crack.
The ransomware behaves similarly to the GpCode trojan that was active between 2004 and 2008, and Kaspersky believes the author of that malware may be back with a new offering.
The problem with this attack and with other ransomware is that it encrypts your files and demands that you follow a series of actions, which could be to install more malware or to make a payment to the malware’s creator. Effectively it holds your files to ransom. Duh.
Security firms have developed decryption tools to help recover files in the past, but this new ransomware features far stronger encryption, utilising the RSA-1024 and AES-256 crypto-algorithms. Kaspersky is attempting to find a way to recover files, but currently it is almost impossible to get them back.
Kaspersky has some advice should users encounter this problem. Firstly, users must become aware of the situation. That’s the easy part, as your desktop wallpaper will probably be changed to display text demanding payment, or a Notepad file will open with similar information on startup.
Once aware, users should immediately hit the Power button and turn off their PC. We know Windows says you shouldn’t do that, but heck, these are your files. The longer it’s left, the less likely it is that files can be recovered. Should they remain encrypted, Kaspersky recommends leaving the system untouched until a recovery method is discovered, as tampering with it in any way could reduce the chances of recovery.