GpCODE Ransomware
The GpCODE Ransomware is designed to infect users' computers, initiate an encryption routine, and lock the vast majority of the files stored there. Afterward, the attackers will extort their victims for money by promising to provide them with a decryptor application and the required decryption key. It should be noted that judging by the ransom note messages left by GpCODE, the threat is mostly targeted at Russian-speaking users.
During its encryption process, the GpCODE Ransomware will append '.GpCODE' to the names of all locked files. When the threat has completed the locking of all targeted file types, it will display two identical ransom notes with instructions for its victims. One will be contained inside a text file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt,' while the other will be shown as a pop-up window.
Table of Contents
Ransom Note’s Message
As stated earlier, both ransom notes are identical and are written in Russian entirely. As such, if the compromised computer doesn't have the Cyrillic font installed, it could render GpCODE Ransomware's instructions to become unintelligible completely.
Otherwise, users will be told that their files have been locked with the RSA-1024 asymmetric cryptographic algorithm. The note also will claim that the ransomware infection took place after users visited adult-oriented websites. As for the demanded ransom, the attackers claim that they want to be paid a signal ruble, which is worth just a fraction of a dollar. This detail could mean that the current GpCODE Ransomware versions are being used for testing purposes or victims will receive payment instructions after establishing contact with the hackers. The notes mention that victims can reach the cybercriminals via ICQ, Skype or email. The GpCODE Ransomware is a variant from the Xorist Ransomware family.
The full text of GpCODE Ransomware's instructions is:
'Внимание! GpCode
Все ваши персональные файлы были зашифрованы с помощью алгоритма RSA-1024,
Вы посетили сайт ИНЦЕСТ.РУ и нарушили правила, в разделе ГЕЙ ПОРНО!!!!
чтобы восстановить свои файлы и получить к ним доступ,вам необходимо:
положить 1 рубль наЯД 41001902182359
WebMoney Z337100389680, R357074105711
В комментариях укажите аську или скайп или e-mail
После перевода,в течении часа(зависит от способа перевода)
вы получите код и инструкции ,в указанные данные для связи!ВАЖНО:У вас есть 20 попыток ввода кода. При превышении этого
количества, все данные необратимо испортятся. Будьте
внимательны при вводе кода!Ищите (КАК РАСШИФРОВАТЬ) на рабочем столе….'
SpyHunter Detects & Remove GpCODE Ransomware
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | file.exe | 4e77cd3a285a132100c9c6369e69dbd3 | 0 |