Opinion

Don’t be a victim

The whole new Gpcode outbreak has set me thinking about attackers and victims in general. Yes, decrypting the key used by the new Gpcode is a thorny problem and there’s no guarantee of success. So I’d like to remind everyone that common sense is as important as good technology.

Passivity on the part of victims gives cyber-attackers free rein. If you’ve lost your data to Gpcode and are desperate to recover it…even if you give in and rush to purchase an egold account, you can still help stop whoever’s behind this. Don’t just send the PIN code to the blackmailers. Send a copy to the support service of the e-payment system you are using. This will help the investigators track the criminal. And tracking the criminal means s/he might even be caught red-handed.

On the other hand, victims failing to take any action guarantees that the criminal will never be caught – which means there will be new victims – or the same victims will suffer again…and again…and again.

Final thought – I hope that a fourth post on this subject isn’t misleading anyone. There is no Gpcode epidemic; we’ve seen a limited number of infections to date.

However, technical threats aside, it’s user awareness that continues to be a global issue. Stop being a victim, back up your data and take my comments above in the context of Gpcode’s history. And then review your own information security in this context as well.
