Traditional ransomware is difficult to build, but a few talented hackers and web scammers have put together some impressive ransomware threats over the years—including Trojan.Gpcoder.F and Gpcode.AK. The folks at Kaspersky recently discovered a new addition in this Gpcode series, and while this new one is much like the older version, it does have some infuriating new features.
Long story short, this ransomware virus barges into your computer through badware websites and drops a text file claiming that “All your personal files (photo, documents, texts, databases, certificates, video) have been encrypted by a very strong cypher RSA-1024.” It goes on to say that to get your files back you will need to send $125 via “Ukash/PSC pre-paid cards.” You’ll also see a desktop image resembling the picture to the left. The text reads:
All your personal files were encrypted with a strong algorithm RSA-1024 and you can’t get an access to them without making of what we need!
Read the TXT file on desktop!
Just do it as fast as you can!
Remember: Don’t try to tell someone about this message if you want to get your files back! Just do all we told.
Unfortunately, manual removal for the Gpcode ransomware is not easy unless you’re a computer whiz, so the best option is to restart in Safe Mode with Networking and run a full scan with STOPzilla or another legitimate antibadware program. If that doesn’t work, you can also run a system restore to return your computer to a time before you got the Gpcode ransomeware.