GPCode Trojan encrypts data files and tries to extort money for the unlock key. The criminals use their own RSA 1024 key to encrypt a separate AES 256 key used to scramble the files on a user’s PC after infection. The encryption is strong enough that the only way to recover files is to resort to backups. Users can limit damage caused by the malware by turning off their PC at the point they see the message, before turning and booting from a recovery disk. The message is really a ploy by the criminals to buy time before antivirus suites notice the programme.”]
Source: https://www.csoonline.com/article/2127894/ransom-trojan-returns-for-new-encryption-attack.html