Kaspersky Launches Anti-Crypto Virus Initiative, Expert Disagrees
A new version of the Gpcode-AK ransomware virus is at large on the web. In response, security firm Kaspersky Labs launched the Stop Gpcode initiative. While some see it as a good thing, there are voices claiming this is just a publicity stunt.
June 16, 2008
On the other hand, cryptographic expert Bruce Schneier is convinced that the new initiative is nothing more than an attempt to get some positive media coverage:
“We've never factored a 1024-bit number -- at least, not outside any secret government agency -- and it's likely to require a lot more than 15 million computer years of work. The current factoring record is a 1023-bit number, but it was a special number that's easier to factor than a product-of-two-primes number used in RSA. Breaking that Gpcode key will take a lot more mathematical prowess than you can reasonably expect to find by asking nicely on the Internet.”
The Win32.Gpcode.ak encrypts files with various extensions such as .doc, .txt, .pdf, .xls, .jpg, .png, and so on (the list is quite long) using an RSA encryption algorithm with a 1024-bit key. Once the user has been infected and his data encrypted, he is left only with a “read me” file which tells the users that he better purchase the encruption key or else just say good bye to his files.