Reverse engineering virus is not that easy either, especially if the attacker used techniques used by programming engineers to hide their code, hopefully the code would be smaller so less demanding.

JaMeS
-CoD4-

@Darknet,
It is my experience that most larger-than-average organisations will make suitable backups however, your home users and SMEs are far less likely to do so despite, as you say, storage being so cheap.

U’re right… as discussed in the kaspersky subforum, it is a unique key for each encrypted system.So if u got 2 computers infected, even if in the same network, you gotta pay 2X ransom amount. Russian teens with pimples?? I don’t think so…Russian maybe..but teens who specialize in 1024-bit encryption/decryption?? they’re Good……and now very rich I guess!!

*spoiler*

pantagruel: i’ll look into the editing option, have though about it before

Aniva: Lrf P++ pbqrf ner rapelcgrq!

enmgn: Sebz jung V’ir urneq vg’f ol Jrfgrea Havba juvpu vf abg genprnoyr.

Cnagntehry: V’yy ybbx vagb gur rqvgvat bcgvba, unir gubhtu nobhg vg orsber.

Seen as though this post is about encryption my above comment is encrypted for those of you l33t enough with ultra 1024 bit cryptanalysis skills

LOL 3\/1L

I personally think the ‘what-if’ of someone else’s public key is pure theory. My best guess is that they will generate a fresh public key for each victim (or at least have some 100 to 500 which they will recycle) making exposure of a hand full of keys not really harm their business model. Or they will simply ‘patch’ their encryption for a new set of key’s if too much data is published.

According to Dancho Danchev

ddanchev.blogspot.com/2008/06/whos-behind-gpcode-ransomware.html

the perp’s are Russian teens with pimples.

@DarkNet, an ‘Edit’ option seems handy from time to time.

I like the way your mind works. Truly evil.

I had not thought of the possibility of the perp using someone elses public key for encryption but that does mean that paying him for the key will result in no decryption until the key is exposed.

That said, if a victim does pay, surely the victim would publish the decrytion key themselves?

@razta
Several blogs/pages mention the extortion sum to be payed through an egold account. You’re advised to pay (for now) but also notify the tech. dept/customers service (be it egold,paypal,whatever) so they can track/trace the transaction and will be able to hunt down the villain old style.

@the BMX guy
There have been many variant of other mans work in the field of computer virii. Have a look at some of the viral dev kits you can find/acquire, usually ancient stuf
This encryption virus is more advanced because it uses a stronger encryption than before, making a crack down too lengthy (30 year as DarkNet mentions) for any home user to perform (a nice option to speed things up might be this home made Helmer cluster helmer.sfe.se )

The Kaspersky@home routine may back fire. What if the purp doesn’t have the private key used for encryption? It might just as well be someone else’s key he abuses. What if he is using a
‘ root signing key’, ‘certificate authority’ of some bank. This well meant effort could amount to big trouble and substantial losses.