A new variant of Gpcode, a dangerous encryptor virus has appeared, - Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with various extensions including, but not limited, to .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more using an RSA encryption algorithm with a 1024-bit key.

After Gpcode.ak encrypts files on the victim machine it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor:

"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com"

Kaspersky Lab analysts are continuing to analyze the virus code in search of a way to decrypt the files without having the private key.