NEWS FROM THE LAB - Monday, May 30, 2005

A trojan that takes hostages Posted by Alexey @ 13:03 GMT

It looks like not only terrorists and kidnappers can take hostages, but trojans too. A trojan called Gpcode (also known as PGPCoder) encrypts user's files with certain extensions and then asks for a ransom to "fee" (decrypt) them. This trojan got some media attention during past 2 weeks. According to media reports the authorities are investigating the case.

Luckily the trojan had a very simple encryption algorithm, so it was possible to create a decryptor for the encrypted files. F-Secure Anti-Virus can detect and decrypt files encrypted by Gpcode trojan. If you are hit by this trojan and your files are encrypted, please scan ALL files on your hard disk and they will be decrypted.