Incidents

Multiple Gpcode variants

In the last 24 hours we’ve detected five new versions of Virus.Win32.GPcode. This virus is interesting as it encrypts users’ files – with whoever is sending the virus out asking for money to decrypt the files. The virus encrypts files, deletes itself from the victim machine, and also deletes all information which might give a clue how the virus penetrated the system.

The first variants we detected were spreading around the world. The latest version is mainly affecting Russian users. This illustrates the fact that cyber criminals are starting to target their attacks and spamming of malicious programs more precisely.

To date, we haven’t established exactly how GPcode infects computers. However, it seems to be spreading either by exploiting a vulnerability in the operating system, or by a botnet.

A lot of users haven’t contacted antivirus companies, but have instead contacted the authors or users of this malicious program. This will simply encourage the evolution of this virus as it makes it clear that there are potential gains to be made.

In order to protect their machines, users should make sure that they have installed all the latest patches, and keep their antivirus programs up to date. Once the virus is cleaned from encrypted files, they are restored to their original condition.

Multiple Gpcode variants

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox