The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Help crack Gpcode

Kaspersky Lab Expert
Posted June 06, 16:50  GMT
Tags: Ransomware, Gpcode

If you read Vitaly's blogpost yesterday, you'll know that on the 4th June 2008 we detected a new variant of Gpcode, a dangerous file encryptor. Details of the encryption algorithms used by the virus are all in Vitaly's post and the description of Gpcode.ak.

Along with antivirus companies around the world, we're faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key.

Of course, we don't have that type of computing power at our disposal. This is a case where we need to work together and apply all our collective knowledge and resources to the problem.

So we're calling on you: crytographers, governmental and scientific institutions, antivirus companies, independent researchers…join with us to stop Gpcode. This is a unique project – uniting brain-power and resources out of ethical, rather than theoretical or malicious considerations.

Here are the public keys used by the authors of Gpcode.

The first is used for encryption in Windows XP and higher.

Key type: RSA KeyExchange
bitlength: 1024
RSA exponent: 00010001
RSA modulus:

The second is used for encryption in versions of Windows prior to XP.

Key type: RSA KeyExchange
bitlength: 1024
RSA exponent: 00010001
RSA modulus:

The RSA exponent for both keys is 0x10001 (65537).

The information above is sufficient to start factoring the key. A specially created utility could be of great help in factoring.

We're happy to provide additional information to anyone involved in stopping Gpcode. To keep everyone up to date, we've set up a dedicated forum.


If you would like to comment on this article you must first

Bookmark and Share