Multiple Gpcode variants

In the last 24 hours we’ve detected five new versions of Virus.Win32.GPcode. This virus is interesting as it encrypts users’ files – with whoever is sending the virus out asking for money to decrypt the files. The virus encrypts files, deletes itself from the victim machine, and also deletes all information which might give a clue how the virus penetrated the system.

The first variants we detected were spreading around the world. The latest version is mainly affecting Russian users. This illustrates the fact that cyber criminals are starting to target their attacks and spamming of malicious programs more precisely.

To date, we haven’t established exactly how GPcode infects computers. However, it seems to be spreading either by exploiting a vulnerability in the operating system, or by a botnet.

A lot of users haven’t contacted antivirus companies, but have instead contacted the authors or users of this malicious program. This will simply encourage the evolution of this virus as it makes it clear that there are potential gains to be made.

In order to protect their machines, users should make sure that they have installed all the latest patches, and keep their antivirus programs up to date. Once the virus is cleaned from encrypted files, they are restored to their original condition.

Multiple Gpcode variants

Your email address will not be published. Required fields are marked *



APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox