New GpCode Ransomware attack encrypts victims' files
The GpCode family is a dangerous form of malware that can permanently destroy files by encrypting them. The ability of AV products to decrypt files varies and can't be relied on in all cases, especially when complex encryption techniques are used.
Based on past ransomware threats, users should avoid paying the ransom of £200 (US$307). The folks on the other end are not trustworthy (e.g., the decoding key may not be received, credit card info may be further misused, etc.).
It is better to recover from backup in a worst-case scenario. This threat illustrates the need to have a good backup of all important files to offline media (e.g., backup tapes, CD-R, DVD, USB drives, etc.).
New GPcode Trojan Holds Victim’s Files Hostage
QUOTE: It searches and encrypts files found on any readable and writable drive on the system, rendering them inaccessible (without the encryption key). It also changes the file name of the encrypted files, by adding the .XNC extension.
It also drops the file READ THIS.TXT in each folder that contains an encrypted file. This file informs the victim that the files have been encrypted, and that a decrypting tool must be purchased to decrypt the files. Email addresses are also included in the text file, which the victim must contact to obtain the decryption tool.
Accordingly, the perpetrator of this crime demands £200 (US$307) for the decryption services. Users are strongly advised to back up their files so as not to be victimized by ransomware.
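A triage sketch for the two artifacts the quoted write-up names (the .XNC extension and the READ THIS.TXT note), added here as an example and not taken from the quoted article: it lists affected folders and the original file names to pull back from backup. The function names and the sample tree are constructed for illustration, and it assumes .XNC is appended to the original file name.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".xnc"         # extension added to encrypted files (per the quote)
RANSOM_NOTE = "read this.txt"  # note dropped in each affected folder (per the quote)

def scan_tree(root):
    """Return {folder: {"note": bool, "restore": [original names]}} for affected folders."""
    report = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        note = any(name.lower() == RANSOM_NOTE for name in files)
        # Assumption: original name = encrypted name minus the appended extension.
        restore = sorted(
            name[: -len(ENCRYPTED_EXT)]
            for name in files
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT)
        )
        if note or restore:
            report[folder] = {"note": note, "restore": restore}
    return report

def restore_list(report):
    """Flatten the report into full paths of files to restore from backup."""
    return sorted(
        os.path.join(folder, name)
        for folder, info in report.items()
        for name in info["restore"]
    )

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real malware output."""
    layout = {
        "docs": ["budget.xls.XNC", "notes.doc.xnc", "READ THIS.TXT"],
        "photos": ["holiday.jpg"],   # untouched folder, must not be reported
        "mail": ["inbox.pst.XNC"],   # encrypted file present, note missing
    }
    for folder, names in layout.items():
        path = Path(root, folder)
        path.mkdir(parents=True)
        for name in names:
            (path / name).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in restore_list(scan_tree(tmp)):
            print("restore from backup:", os.path.relpath(path, tmp))
```

Run it read-only against a mounted copy of the affected drive; the output doubles as the restore manifest for the backup job.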
What is Ransomware?