Police have identified the hacker behind the infamous Gpcode 'ransomware' virus that hit computers in July.
Luckily, on this occasion, Gpcode's author had made a number of more basic programming errors that allowed researchers to construct a method for recovering files. It turned out that while encrypting data, the original files had been 'deleted' using the Windows file system. This meant that although invisible to the operating system, the files were still on the disk and could be recovered using available tools.
One thing Gpcode has made clear is that technology alone can't now defend against this type of malware. Once on an undefended PC, reversing its effects depends on having access to the private RSA key, and that means tracking down the author.
According to Kaspersky, stopping ransomware-based malware in the future will require more effective law enforcement, the use of forensic software analysis to tie suspects to their malevolent creations, and possibly building restrictions into the Windows cryptographic software libraries used to create Gpcode itself.
Despite its frightening reputation, ransomware is still, thankfully, a rare phenomenon. There are various theories as to why this is the case, ranging from the complexity of the software itself to the difficulty of setting up a reliable channel through which to accept 'ransom' payments from victims. Other, easier types of malware might just be more profitable to criminals.