Kaspersky Labs has come across a blackmailing virus dubbed Virus.Win32.Gpcode.ak that encodes all user's files with extensions like *.doc, *.txt, *.pdf, *.xls, *.jpg, *.png, *.cpp, *.h and the like by means of a strong RSA encryption algorithm with a 1024-byte-length key. The virus adds a "._CRYPT" signature to the encoded files and places a "!_READ_ME_!.txt" plain text document in the same folder with the following contents:

"Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: ********@yahoo.com"

The good news is that Kaspersky Lab has always succeeded in cracking the criminals' code before by a thorough cryptographic analysis of the gathered data. The bad news is that the maximum RSA key length they have managed to crack was 660 bytes. Kaspersky Lab cannot but admit that at the moment they are unable to decrypt the 1024 byte key.

The only advice the online security company gives is to contact Kaspersky Labs experts from another computer connected to the Internet by sending an e-mail to This e-mail address is being protected from spam bots, you need JavaScript enabled to view it The e-mail should contain the exact date and time of the infection, and the last actions the user did on his machine five minutes before the infection took place. While doing that, it is advisable not to restart or turn off the infected computer.

Kaspersky Lab promises to find the solution to the problem as quickly as possible. Its experts also ask everyone who suffered from the virus not to pay the online criminals as there is no guarantee they will ever send you the "decryptor".

As a temporary solution, users may try to recover the original files that the virus deletes after encryption. Kaspersky has also devised software to restore the original names of the files adffected by the virus.