AlphaLocker Ransomware
Posted: May 10, 2016
Threat Metric
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 13 |
| First Seen: | May 10, 2016 |
| OS(es) Affected: | Windows |
The AlphaLocker Ransomware is a Trojan whose code is derived largely from the EDA2 open-source project. Its authors are selling this threat to third-party con artists who may modify different aspects of the Trojan's operations. Its file-encrypting attacks can damage various types of content, including documents, music, archives or images. A three-pronged approach of keeping recent backups, using anti-malware products to remove the AlphaLocker Ransomware and routinely updating all software is the defense that malware experts can recommend without reservation.
A Digital Data Ransom that's Difficult to Predict
Even in the underground market for file-encrypting Trojans, certain norms regarding business practices prevail. Typically, these standards include a rental model wherein the original developer keeps a high degree of control over the infrastructure of the Trojan's campaign, along with a generous percentage of the profits. The AlphaLocker Ransomware is, in this respect, a clear break from the mold, even as it derives most of its base code from a previously well-researched source: the EDA2 project, which is also indirectly responsible for threats like the SeginChile Ransomware.
Rather than being rented out, the AlphaLocker Ransomware is sold as a complete package, including executable files for its encryptor and decryptor, along with an admin interface. A second con artist, purchasing this bundle for between sixty-five and one hundred USD, can then deploy and configure the AlphaLocker Ransomware at their leisure. Configuration possibilities for this threat include which formats it attacks, with the default settings including well over a hundred types. Exploits favored for installing this program are similarly flexible and based on the preferences of each person purchasing the product.
Although the open-source code may imply poor coding practices, malware experts, unfortunately, concluded that the AlphaLocker Ransomware uses a robust encryption standard. AES key generation combined with RSA encryption makes it difficult for security researchers to develop functional decryptors. By default, after its encryption attack makes all files in its range unreadable, the AlphaLocker Ransomware drops desktop and TXT-based ransom messages that ask for payments in return for the decryptor.
Taking an 'Alpha' Trojan Down a Peg
Besides the work put into its payload, the AlphaLocker Ransomware's author shows signs of due diligence in other areas. Regular updates to this threat have caused many AV solutions to perform poorly in detection tests. PC users should keep their anti-malware tools as fully patched as possible, which will increase the chances of detecting the AlphaLocker Ransomware before its payload triggers.
At the same time, the AlphaLocker Ransomware's authors are not infallible: recent incidents of the threat storing crucial admin data in 'plain text' (without the protection of an encryption algorithm) have given other security companies semi-free access to its features. Such breakthroughs can play critical roles in mitigating the impact of new threat campaigns.
However, PC users should concern themselves primarily with good security and data storage practices, such as keeping their files in backup locations that the AlphaLocker Ransomware can't scan. All samples of the AlphaLocker Ransomware to date also include obvious symptoms, such as wallpaper background hijackings, that trigger only after the encryption attack's completion. Preferably, your active anti-malware protection can detect and then delete the AlphaLocker Ransomware before your files are harmed at all, as the race between threat development and security countermeasures continues.