
Alcatraz Ransomware

Posted: November 1, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: November 1, 2016
Last Seen: June 1, 2018
OS(es) Affected: Windows

The Alcatraz Ransomware is a Trojan that solicits ransom payments by encrypting your files, such as pictures, and thereby blocking access to them. Before paying such a ransom, victims should consider that a con artist may never deliver a working decryption service or tool, making the payment in vain. Standard anti-malware products, along with redundant data storage, can work together to remove the Alcatraz Ransomware and keep its attacks from locking you out of your saved data.

A Prison Operating without a Justice System

The variety of social engineering techniques at work in current Trojan campaigns leads to a wide range of symptoms and visible effects, although the long-term damages corresponding to them often are highly consistent. While some Trojans may pretend to be a form of technical support or even a built-in part of Windows, others, such as the Alcatraz Ransomware, don't bother disguising their attacks as anything but overtly threatening. This Trojan generates pop-ups making direct demands for ransom payments, in addition to encrypting your private data.

Malware experts associate the current distribution of the Alcatraz Ransomware with the RIG Exploit Kit, a browser-based threat with past ties to the Cerber 4.0 Ransomware and other Trojans of the same classification. The EK uses script exploits embedded in HTML, such as attacks on Java vulnerabilities, to install the Alcatraz Ransomware after the Web surfer loads an unsafe website. The Trojan then scans for files, including JPG pictures and documents, encrypts them and appends the '.Alcatraz' extension to their names.

Only afterward does the Alcatraz Ransomware's payload include a visible symptom: its HTML pop-up window. The initial ransom message is available in multiple languages and redirects to a website hosting the Alcatraz Ransomware's payment infrastructure (operating via Bitcoin). Malware experts note a potentially variable time limit on ransom payments, ranging from a week to a month, although there remains no guarantee that paying will decrypt your files.

Contriving a Jailbreak from an Undeserved Prison

Unlike threats with more elaborate social engineering tactics, the Alcatraz Ransomware's only incentive for forcing payment lies in its capacity for blocking files by encoding them. PC owners backing their hard drives up to cloud servers or other devices can restore them without needing a decryption process, or the key for it. Others may wish to contact appropriate anti-malware researchers for assistance with the possibility of developing a free decryption application, which sometimes is possible after reviews of samples of both the threat and the encrypted data.

Malware experts also recommend tending to security vulnerabilities that expedite the distribution of the Alcatraz Ransomware, and file-encrypting Trojans like it. Web browsers using old plugins, enabling scripts globally, and loading potentially unsafe websites are at high risk of being impacted by attacks. Professional anti-malware products can intercept these attacks and remove the Alcatraz Ransomware before any encryption takes place.

Inevitably, profit for a con artist means a loss of money from an innocent victim. However, even new threats like the Alcatraz Ransomware are rarely any more capable than old ones of standing up to the most basic standards of Web-browsing security.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 118.27 KB (118272 bytes)
MD5: cb44ccf09d8dc084a1377fe7b981084c
Detection count: 67
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 17, 2016

File name: file.exe
Size: 117.76 KB (117760 bytes)
MD5: 35d93ccc99cf73c9c46349718aeae588
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 7, 2016
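As an added defender-side example, not code from this page's publisher, the following Python script walks a directory tree and reports the two indicators described above: files carrying the '.Alcatraz' extension (with the original file name recovered) and any file whose MD5 matches one of the hashes listed for the dropped executables. The sample directory it builds is constructed for the demonstration and contains no real malware.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators taken from this page's Technical Details section.
KNOWN_DROPPER_MD5 = {
    "cb44ccf09d8dc084a1377fe7b981084c",
    "35d93ccc99cf73c9c46349718aeae588",
}
ENCRYPTED_EXT = ".Alcatraz"

def md5_of(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root: str) -> dict:
    """Walk `root` and collect two kinds of Alcatraz evidence: files carrying
    the '.Alcatraz' extension (original name recovered by stripping it) and
    any other file whose MD5 matches one of the page's dropper hashes."""
    encrypted, droppers = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.endswith(ENCRYPTED_EXT):
                encrypted.append((str(path), name[: -len(ENCRYPTED_EXT)]))
            elif md5_of(path) in KNOWN_DROPPER_MD5:
                droppers.append(str(path))
    return {"encrypted": encrypted, "droppers": droppers}

def demo() -> dict:
    """Constructed sample tree (not real malware): two 'encrypted' files, one
    untouched file and a harmless stand-in .exe whose hash will not match."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "photos").mkdir()
        (base / "photos" / "holiday.jpg.Alcatraz").write_bytes(b"\x00" * 16)
        (base / "report.docx.Alcatraz").write_bytes(b"\x01" * 16)
        (base / "notes.txt").write_text("untouched")
        (base / "file.exe").write_bytes(b"MZ stand-in, not the real dropper")
        return triage(tmp)

if __name__ == "__main__":
    print(demo())
```

Run it against a real volume by calling `triage("D:\\")` or similar; a non-empty `droppers` list or a large `encrypted` list is the cue to isolate the machine and restore from backups rather than pay.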