GPCode targets Windows OS and the method of distribution is currently unknown, although several open source reports suggest that the attackers exploit vulnerabilities in servers to spread the infection. Originally released in June 2006, GPCode could be decrypted without paying the ransom. However, recent versions are unbreakable and not only encrypt data, but some versions also corrupt operating systems by encrypting .exe and .dll files. According to victim reports, GPCode encrypts local files, shared folders, and even administrative shares. It also deletes Shadow Volume Copies to prevent file restoration. Files encrypted by GPCode are appended with either the extension .LOL! or .OMG!. The attackers behind GPCode offer to decrypt one or two of the victim’s encrypted files before demanding payment for the rest. GPCode threatens to delete all of the victim’s files and decryption keys if payment is not received within one month.
- The Bleeping Computer forum has more information about GPCode here.
- The NJCCIC is not aware of any decryption tools available for GPCode.
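The two concrete indicators in the description above (the appended .LOL! / .OMG! extensions and the deletion of Shadow Volume Copies) are enough to build a simple triage check. The script below is an added illustration written for this page, not a tool from the NJCCIC or any referenced source: it walks a directory tree for files carrying the GPCode extensions and scans process-creation log lines for shadow-copy deletion commands. The page does not say how GPCode deletes the shadow copies, so the command-line patterns (vssadmin / wmic) and the log format are assumptions, and the sample log lines are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Extensions the advisory states GPCode appends to encrypted files.
GPCODE_EXTENSIONS = (".LOL!", ".OMG!")

# Assumed patterns: the advisory only says Shadow Volume Copies are deleted,
# not by which command, so these cover the usual built-in Windows tools.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
]

# Constructed sample process-creation log lines (hypothetical format).
SAMPLE_LOG = [
    "2024-01-01T10:00:00 pid=4120 image=C:\\Windows\\explorer.exe cmd=explorer.exe",
    "2024-01-01T10:00:03 pid=5228 image=C:\\Windows\\System32\\vssadmin.exe "
    "cmd=vssadmin.exe Delete Shadows /All /Quiet",
    "2024-01-01T10:00:05 pid=5230 image=C:\\Windows\\System32\\cmd.exe cmd=cmd.exe /c dir",
]


def find_encrypted_files(root):
    """Return sorted full paths under root whose name ends with a GPCode extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            # Case-insensitive match so renamed or mixed-case copies are not missed.
            if name.upper().endswith(GPCODE_EXTENSIONS):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def flag_shadow_deletion(log_lines):
    """Return the log lines whose command line matches a shadow-copy deletion pattern."""
    return [
        line for line in log_lines
        if any(pattern.search(line) for pattern in SHADOW_DELETE_PATTERNS)
    ]


def demo():
    """Build a throwaway tree with two renamed files and return the relative hits."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        for rel in ("report.docx.LOL!", "sub/photo.jpg.OMG!", "notes.txt"):
            (root / rel).write_bytes(b"constructed sample content")
        return [Path(p).relative_to(root).as_posix() for p in find_encrypted_files(root)]


if __name__ == "__main__":
    for hit in demo():
        print("encrypted-file indicator:", hit)
    for line in flag_shadow_deletion(SAMPLE_LOG):
        print("shadow-copy deletion:", line)
```

Run it against a real share by calling `find_encrypted_files(r"\\server\share")` instead of `demo()`; because GPCode also targets administrative shares, the scan is most useful when pointed at file servers rather than only endpoints.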