Yesterday evening we started receiving messages from users in Russia who’d been infected by the latest version of GpCode, a cyber blackmail virus.
In comparison to the previous variant, GpCode.ae, which we detected last week, this new variant uses a stronger encryption algorithm (RSA 330 bit); this makes it more difficult for our virus analysts to develop decryption. However, we’ve been successful, and we added detection and decryption for infected files to our antivirus databases.
Users who have been infected by GpCode.af should download the latest antivirus databases and fully scan their computers.
One point that we want to stress: at the moment, we’re still not 100% sure how this virus penetrates victim computers. You should exert maximum caution: don’t launch files that you receive via email, and ensure that your operating system and browser is fully patched.
Finally, back up your data on a regular basis. Then if the worst ever does happen – and we hope it won’t – you’ll still have a copy of whatever you were working on.