
Alpha Crypt

Posted: April 30, 2015

Alpha Crypt, also known as AlphaCrypt, is a file encryption Trojan that targets files of particular formats and makes them unusable in order to hold them for ransom. In addition to text files, image files, movie files and other common targets, Alpha Crypt also sabotages files associated with major gaming applications. Despite the potential disruption to stored data on the infected PC, malware experts discourage paying Alpha Crypt's ransom, particularly as an alternative to deleting Alpha Crypt with a trusted brand of anti-malware software.

From Beta Malware to Alpha Crypt

Attacks that abuse software vulnerabilities through flexible 'kits' are a common step in many targeted and non-targeted threat installers, with threats like Alpha Crypt as the usual payload. Most recently seen in distribution via the Angler Exploit Kit (also connected to such threats as Swifti), Alpha Crypt may be installed with the assistance of threatening e-mail messages. Like TeslaCrypt, another file encryption Trojan suspected of being its near ancestor, Alpha Crypt attacks files on your PC for the purpose of forcing you to pay a Bitcoin ransom.

Alpha Crypt targets a wide array of both generalized and specialized file formats, although malware experts have yet to see Alpha Crypt attacking any essential components of an operating system. Movie files such as AVI or MOV, text documents such as DOC or TXT and compressed file archives such as ZIP all are targets for encryption. Alpha Crypt also targets data related to some brands of games, including Call of Duty and World of Tanks.

As usual for a file encryptor, Alpha Crypt uses a unique RSA-2048 encryption key for each infected PC, preventing any victims from using a general decryption tool to reverse the damage. Files encrypted by the Alpha Crypt Trojans are unusable, and some versions of Alpha Crypt delete standard file backup data (such as the Shadow Copy used by Windows machines).

Alpha Crypt then displays a desktop-based ransom message along with a text document, both of which recommend that their victims pay a ransom through the Tor Browser. Current versions of Alpha Crypt demand ransoms of over one hundred USD in exchange for the decryption of your files.

Excavating a Solution to an Alpha Crypt Attack

Although Alpha Crypt may be just as successful as previous ransomware campaigns in terms of damaging local data, malware experts can recommend multiple ways of preventing Alpha Crypt from doing any permanent damage. You may reinstall any gaming programs that keep non-local save data, and most remote storage methods (such as cloud storage services) should provide free ways of restoring your encrypted files to their non-encrypted formats. Files encrypted by Alpha Crypt Trojans are recognizable through their use of the .EZZ extension.

However, before recovering any affected files, you should uninstall Alpha Crypt from your PC. Due to Alpha Crypt's lack of self-distribution features, Alpha Crypt is likely to be installed along with one or more additional threats that may also need to be detected and deleted. Using reliable anti-malware products to scan the infected machine can provide the most immediate and simple way of removing Alpha Crypt from your computer, and can have the added benefit of detecting other threats to your machine's privacy or security.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: %Desktop%\HELP_TO_SAVE_FILES.bmp
Mime Type: unknown/bmp

File name: %Desktop%\HELP_TO_SAVE_FILES.txt
Mime Type: unknown/txt
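
A read-only triage sketch built on the indicators this page lists (the .EZZ extension and the two HELP_TO_SAVE_FILES note names), useful for gauging which folders need restoring from backup. It is an added example, not code from the original article or from any anti-malware product; the function names and the sample folder tree are constructed for illustration.

```python
import os
import sys
import tempfile
from collections import Counter

# Indicators from this page: the .EZZ extension on encrypted files and the
# two ransom-note file names dropped on the desktop.
ENCRYPTED_EXT = ".ezz"
NOTE_NAMES = {"help_to_save_files.bmp", "help_to_save_files.txt"}

def scan(root):
    """Walk root read-only; return (encrypted, notes, per-directory counts)."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            full = os.path.join(dirpath, name)
            if lower in NOTE_NAMES:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(full)
                per_dir[dirpath] += 1
    return sorted(encrypted), sorted(notes), per_dir

def build_sample_tree(base):
    """Constructed sample data: empty files that only imitate the names."""
    layout = {
        "Desktop": ["HELP_TO_SAVE_FILES.txt", "HELP_TO_SAVE_FILES.bmp"],
        "Documents": ["report.ezz", "NOTES.EZZ", "untouched.doc"],
        os.path.join("Games", "saves"): ["slot1.ezz"],
    }
    for folder, names in layout.items():
        target = os.path.join(base, folder)
        os.makedirs(target)
        for name in names:
            open(os.path.join(target, name), "w").close()

def demo():
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        encrypted, notes, per_dir = scan(base)
        return len(encrypted), len(notes), max(per_dir.values())

if __name__ == "__main__":
    if len(sys.argv) > 1:
        enc, notes, per_dir = scan(sys.argv[1])
        print(len(enc), "encrypted,", len(notes), "notes;", per_dir.most_common(5))
    else:
        print(demo())
```

Run it with a folder path as the only argument to scan that folder; with no argument it scans the constructed sample tree.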
