It seems the malware GPCode which first surfaced in 2004 is back according to I received a frantic call from a client last week informing me that all files on his desktop has been encoded and he cannot open them. After visiting the client, it turned out that he has inadvertently clicked a link to a website which started the chair reaction and continue to spread the virus. It seems the virus also infected quite a few files on the fileserver as well of which they do not have a valid backup in place.

This is a bad situation to say the least. Now after doing quite a bit of research, it seems that all data that has been infected might be lost. I will be working with my client closely to have all their PCs and their File Server cleaned and virus free. Hopefully in the future, users will use more restraint when clicking on links that they are not sure of.

To read more about the GPCode Ransomware, please click on this link.