Gpcode uses a 1024-bit key and the algorithm seems to be sound, so brute-forcing the scheme will require about 15 million modern computers, and even then, it could take about a year.
“Of course, we don’t have that type of computing power at our disposal,” Kaspersky says in its appeal. “This is a case where we need to work together and apply all our collective knowledge and resources to the problem.”
They’ve included two public keys – one used to encrypt files on XP and Vista machines and the other for all other versions of Windows. And they’ve also provided the exponent for the keys.
I wonder if you could start with the same infection mechanisms, so that the people who got tagged also end up contributing to the solution.
I’m also a little intrigued by the economics of a data-ransom worm. It probably says something interesting about the state of organized crime on the net that a criminal enterprise would be in a position to run a classic protection racket — that is, people actually do get their data back if they pay the extortion — rather than the hit-and-run version where the money goes out but no recovery info comes back. The protection-racket version is potentially much more profitable, but it also requires a fairly stable longterm operation. From a technical point of view, it might also be more reliable to actually encrypt the data rather than zeroing it or munging it in some more obvious (but potentially recoverable by track forensics) way.