
Alka Ransomware

Posted: February 4, 2020

The Alka Ransomware is a file-locking Trojan that comes from the STOP Ransomware or Djvu Ransomware family. Because it is distributed as a Ransomware-as-a-Service, its delivery methods can include anything from torrents to fake e-mails, and an infection always blocks the user's local media files by encrypting them. Users with diligently maintained backups and anti-malware utilities that flag and remove the Alka Ransomware should be sufficiently protected.

Ransomware-as-a-Service's Weekly Rollout

In keeping with its reputation for vast proliferation, the STOP Ransomware's Ransomware-as-a-Service is keeping up a steady stream of new variants in early 2020. New versions such as the Alka Ransomware, the Btos Ransomware, the Kodc Ransomware, or the Npsg Ransomware bear few differences from the original STOP Ransomware or the Djvu Ransomware, except for more secure encryption. As was true two years ago, victims of this threat, including its latest variant, the Alka Ransomware, will struggle with blocked and erased data en masse.

Having yet to receive a port to other operating systems, the Alka Ransomware predominantly endangers Windows users. The Alka Ransomware uses its encryption routine to convert files into unusable, encrypted versions, deletes the originals, and marks each file's name with an extra 'alka' extension. Other than the extension change, all of this behavior is typical of the STOP Ransomware's business and, in fact, of most other Ransomware-as-a-Services, like Russia's Scarab Ransomware.

Some aspects of the Alka Ransomware's infections are a little more distinctive than the above features. Victims can expect the following side effects from this Trojan's payload:

  • The deletion of the Restore Points or the Shadow Volume Copies.
  • Browsers not loading websites related to security companies (due to Hosts file changes).
  • The theft of login credentials via third-party spyware like AZORult.
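As an added defender-side triage example (not code from the original post, nor from the STOP/Djvu family), the following Python script flags two of the artifacts described above: Hosts file entries that point non-local hostnames at loopback or null addresses, and files renamed with the 'alka' extension. The Hosts content and file names are constructed samples; the hostname list and a directory walk feeding `find_locked_files` are assumptions.

```python
# Constructed sample of a tampered Hosts file, modelled on the behaviour
# described above: security-related hostnames pointed at 0.0.0.0/127.0.0.1
# so that browsers cannot reach them. The hostnames are invented.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0   www.example-av-vendor.test
127.0.0.1 example-security-blog.test   # appended by malware
"""

# Addresses that effectively sinkhole a name; on Windows the file lives at
# C:\Windows\System32\drivers\etc\hosts.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}
# Names that legitimately map to loopback and should not raise an alert.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def suspicious_hosts_entries(hosts_text):
    """Return (address, hostname) pairs that map a non-local hostname
    to a loopback or null address, which is how Hosts-based blocking of
    security sites shows up."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()               # whitespace or tab separated
        address, names = fields[0], fields[1:]
        if address not in SINKHOLE_ADDRS:
            continue
        for name in names:
            if name.lower() not in LOCAL_NAMES:
                hits.append((address, name))
    return hits


def find_locked_files(paths, extension=".alka"):
    """Return the paths whose name ends with the ransomware's extension
    (case-insensitive). `paths` is assumed to come from a directory walk."""
    return [p for p in paths if p.lower().endswith(extension)]


if __name__ == "__main__":
    for address, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts tampering: {name} -> {address}")
    # Constructed file names standing in for a scanned user directory.
    sample_files = ["report.docx", "photo.jpg.alka", "budget.xlsx.ALKA"]
    print("locked files:", find_locked_files(sample_files))
```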

These side features facilitate the hostage-taking and ransoming process that is the backbone of the Alka Ransomware's RaaS. This variant shows no changes to the ransoming standards, which ask for hundreds of dollars, negotiate through e-mail, and set a strict deadline before the cost increases. However, buying a decryptor doesn't necessarily mean that the victim receives one that works as marketed.

Fetching Back the Data that was Lost

While the encryption method that the Alka Ransomware leverages isn't without weaknesses, most users should depend on their backups – especially those on other computers and storage devices – to save their files. Users fortunate enough to experience the offline version of the Alka Ransomware's payload may find that advanced recovery software, such as a freeware decryptor, can unlock or otherwise restore their work. However, in the majority of infections, these files are locked permanently and irretrievable.

The Alka Ransomware's family is one of the few that uses torrents in numbers significant enough to be worth noting, and the Trojan may mimic pirated software, associated cracks, or current movie releases. Alternately, threat actors also routinely target and compromise servers with poor security standards, such as passwords that match publicly known vendor defaults. Thanks to the Fallout Exploit Kit and similar vulnerability-abusing threats, PC users are also potentially at risk while browsing the Web or opening e-mail links and attachments.

Anti-malware products can provide sufficient protection against nearly all of these attacks, although they aren't a substitute for disabling risky features, installing patches, and similar precautions. Users protected by an anti-malware solution should, in most scenarios, detect and remove the Alka Ransomware right away.

The Alka Ransomware is well over two hundred versions removed from the earliest builds of the STOP Ransomware and shows that the business model is running strong. Extortion feeds off of the most vulnerable in society for high profit, and sometimes the weak are simply users without backups of their documents.
