Alcatraz Ransomware
Posted: November 1, 2016
| Threat Level | 10/10 |
|---|---|
| Infected PCs | 9 |
| First Seen | November 1, 2016 |
| Last Seen | June 1, 2018 |
| OS(es) Affected | Windows |
The Alcatraz Ransomware is a Trojan that solicits ransom payments by encrypting, and thereby blocking, your files, such as pictures. Before paying such a ransom, victims should consider that a con artist may never deliver a working decryption service or software, making the payment futile. Standard anti-malware products, together with redundant data storage, can remove the Alcatraz Ransomware and keep its attacks from locking you out of your saved data.
A Prison Operating without a Justice System
The variety of social engineering techniques at work in current Trojan campaigns leads to a wide range of symptoms and visible effects, although the long-term damages corresponding to them often are highly consistent. While some Trojans may pretend to be a form of technical support or even a built-in part of Windows, others, such as the Alcatraz Ransomware, don't bother disguising their attacks as anything but overtly threatening. This Trojan generates pop-ups making direct demands for ransom payments, in addition to encrypting your private data.
Malware experts associate the current distribution of the Alcatraz Ransomware with the RIG Exploit Kit, a browser-based threat with past ties to the Cerber 4.0 Ransomware and other Trojans of the same classification. The EK uses HTML-embedded script exploits, such as Java vulnerabilities, to install the Alcatraz Ransomware after the Web surfer loads an unsafe website. The Trojan then scans for files, including JPG pictures and documents, encrypts them and renames them with the '.Alcatraz' extension appended.
Only afterward does the Alcatraz Ransomware's payload produce a visible symptom: its HTML pop-up window. The initial ransom message is available in multiple languages and redirects to a website hosting the Alcatraz Ransomware's payment infrastructure (operating via Bitcoin). Malware experts note a potentially variable time limit on ransom payments, ranging from a week to a month, although there is no guarantee that paying will decrypt your files.
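Added example, not code from the original page: a defender's triage script that walks a directory for files renamed with the '.Alcatraz' extension described above and hashes executables against the two MD5 values listed in this page's Technical Details section. The sample directory, file names and contents are constructed; the real hashes will only match the actual samples.

```python
"""Triage helper for an Alcatraz Ransomware incident (added example).
Finds victim files renamed with '.Alcatraz' and flags executables whose
MD5 matches the hashes published on this page."""
import hashlib
import os
import tempfile

# MD5 values exactly as listed in this page's Technical Details section.
ALCATRAZ_MD5S = {
    "cb44ccf09d8dc084a1377fe7b981084c",
    "35d93ccc99cf73c9c46349718aeae588",
}
ENCRYPTED_EXT = ".alcatraz"  # the Trojan appends '.Alcatraz' to each file


def md5_of(path):
    """Stream-hash a file so large encrypted files do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, known_md5=ALCATRAZ_MD5S):
    """Return encrypted files, their pre-attack names, and hash-matched .exe files."""
    report = {"encrypted": [], "original_names": [], "hash_matches": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                # The original name survives in front of the appended extension.
                report["original_names"].append(name[:-len(ENCRYPTED_EXT)])
            elif name.lower().endswith(".exe") and md5_of(path) in known_md5:
                report["hash_matches"].append(path)
    return report


def demo():
    """Build a constructed sample tree and scan it (hypothetical data)."""
    root = tempfile.mkdtemp()
    for name, data in [("holiday.jpg.Alcatraz", b"\x00" * 16),
                       ("report.docx.Alcatraz", b"\x01" * 16),
                       ("notes.txt", b"untouched"),
                       ("file.exe", b"MZ constructed stand-in, not the sample")]:
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    # Add the stand-in's own hash so the hash-match path is exercised too.
    known = ALCATRAZ_MD5S | {md5_of(os.path.join(root, "file.exe"))}
    return scan_directory(root, known)
```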
Contriving a Jailbreak from an Undeserved Prison
Unlike threats with more elaborate social engineering tactics, the Alcatraz Ransomware's only incentive for forcing payment lies in its capacity for blocking files by encoding them. PC owners backing their hard drives up to cloud servers or other devices can restore them without needing a decryption process, or the key for it. Others may wish to contact appropriate anti-malware researchers for assistance with the possibility of developing a free decryption application, which sometimes is possible after reviews of samples of both the threat and the encrypted data.
Malware experts also recommend tending to security vulnerabilities that expedite the distribution of the Alcatraz Ransomware, and file-encrypting Trojans like it. Web browsers using old plugins, enabling scripts globally, and loading potentially unsafe websites are at high risk of being impacted by attacks. Professional anti-malware products can intercept these attacks and remove the Alcatraz Ransomware before any encryption takes place.
Inevitably, profit for a con artist means a loss of money from an innocent victim. However, even new threats like the Alcatraz Ransomware are rarely any more capable than old ones of standing up to the most basic standards of Web-browsing security.
Technical Details
File System Modifications
The following files were created in the system:

file.exe
File name: file.exe
Size: 118.27 KB (118272 bytes)
MD5: cb44ccf09d8dc084a1377fe7b981084c
Detection count: 67
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 17, 2016

file.exe
File name: file.exe
Size: 117.76 KB (117760 bytes)
MD5: 35d93ccc99cf73c9c46349718aeae588
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 7, 2016