Multiple Gpcode variants

In the last 24 hours we’ve detected five new versions of Virus.Win32.GPcode. This virus is interesting as it encrypts users’ files – with whoever is sending the virus out asking for money to decrypt the files. The virus encrypts files, deletes itself from the victim machine, and also deletes all information which might give a clue how the virus penetrated the system.

The first variants we detected were spreading around the world. The latest version is mainly affecting Russian users. This illustrates the fact that cyber criminals are starting to target their attacks and spamming of malicious programs more precisely.

To date, we haven’t established exactly how GPcode infects computers. However, it seems to be spreading either by exploiting a vulnerability in the operating system, or by a botnet.

A lot of users haven’t contacted antivirus companies, but have instead contacted the authors or users of this malicious program. This will simply encourage the evolution of this virus as it makes it clear that there are potential gains to be made.

In order to protect their machines, users should make sure that they have installed all the latest patches, and keep their antivirus programs up to date. Once the virus is cleaned from encrypted files, they are restored to their original condition.