
ALVIN Ransomware

Posted: October 28, 2020

The ALVIN Ransomware is a file-locking Trojan of a currently unknown family. The ALVIN Ransomware can block the user's digital media files, such as documents, by encrypting them. The ALVIN Ransomware also changes their extensions and creates ransom messages recommending that victims pay Bitcoins for a recovery tool. Sufficient backup precautions will eliminate most dangers from this Trojan, along with PC security solutions for removing the ALVIN Ransomware installations.

Trojans Hiding Their Hands When It Comes to Ransoms

In both self-evident and more subtle ways, social engineering is part and parcel of most Trojans' campaigns, either during the infection stages or afterward. A new file-locking Trojan, showing signs of being part of a yet-unconfirmed Ransomware-as-a-Service group or similar family, takes the route of withholding information from its victims and uses that secrecy to maximize its profit potential. The threat, the ALVIN Ransomware, is otherwise quite similar to file-locking Trojans of the largest regularly-maintained families, like the Dharma Ransomware.

The ALVIN Ransomware is Windows software with no confirmed victims as of yet. Its payload flow is similar to that of a RaaS:

  • Blocking most media files on the user's computer by encrypting them
  • Inserting ransom-related information (like a 'customer ID') into the file names' extensions
  • Dropping ransom notes via Notepad TXT

The details contained in its message make it highly likely that the ALVIN Ransomware is part of a Ransomware-as-a-Service, although what it leaves out is equally important.

The ALVIN Ransomware demands Bitcoins for its file-unlocking service, thereby avoiding the refund and fraud protection issues of more-ordinary currency channels. However, it also avoids providing a price, claiming that the victim's response time will affect the cost of the decryptor. Withholding this vital information lets attackers negotiate for the most money per victim without giving away points for comparison. The Trojan also uses unique and what look like campaign-specific e-mails, which, malware experts note, rules out some families, such as the STOP Ransomware.
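The two observable artifacts described above, a mass rename that appends an ID-bearing suffix after the original document extension, and a plain-text note that pairs a Bitcoin demand with a decryptor offer, are what a defender can detect on a host without knowing the family. The following Python is an added example, not code from the original article or from any security vendor; the file names, the `id-7F3A2C.locked` suffix and the note text are constructed samples (the page does not give the ALVIN Ransomware's real extension format), and the 50% rename threshold is an assumed tuning value.

```python
import re
from collections import Counter

# Extensions a file-locking Trojan typically targets ("digital media files, such as documents").
MEDIA_EXTENSIONS = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "mp3", "mp4", "zip"}

# Vocabulary shared by ransom notes: a payment demand plus a decryption offer.
RANSOM_TERMS = re.compile(r"\b(bitcoin|btc|decrypt\w*|ransom)\b", re.IGNORECASE)

# Assumed tuning value: share of media files carrying one identical appended suffix
# above which the rename pattern is treated as a mass-encryption event.
MASS_RENAME_THRESHOLD = 0.5


def appended_suffix(filename):
    """Return whatever was appended after a recognised media extension, or None.

    'invoice.pdf.id-7F3A2C.locked' -> 'id-7F3A2C.locked'
    'invoice.pdf'                  -> None (the extension is still the last part)
    """
    parts = filename.split(".")
    # A media extension that is no longer the final part means something was appended.
    for i in range(1, len(parts) - 1):
        if parts[i].lower() in MEDIA_EXTENSIONS:
            return ".".join(parts[i + 1:])
    return None


def is_ransom_note(filename, text):
    """A .txt file whose body combines payment language with decryption language."""
    if not filename.lower().endswith(".txt"):
        return False
    hits = [m.lower() for m in RANSOM_TERMS.findall(text)]
    mentions_payment = any(h in ("bitcoin", "btc", "ransom") for h in hits)
    mentions_decrypt = any(h.startswith("decrypt") for h in hits)
    return mentions_payment and mentions_decrypt


def assess_directory(filenames, text_contents):
    """Combine both indicators into one verdict for a scanned directory.

    filenames:     every name present in the directory
    text_contents: {filename: body} for the .txt files among them
    """
    media_total = 0
    suffixes = Counter()
    for name in filenames:
        parts = name.split(".")
        if any(p.lower() in MEDIA_EXTENSIONS for p in parts[1:]):
            media_total += 1
        suffix = appended_suffix(name)
        if suffix:
            suffixes[suffix] += 1

    notes = [n for n, body in text_contents.items() if is_ransom_note(n, body)]

    top_suffix, top_count = (suffixes.most_common(1) or [(None, 0)])[0]
    share = top_count / media_total if media_total else 0.0

    return {
        "media_files": media_total,
        "dominant_suffix": top_suffix,
        "renamed_share": round(share, 2),
        "ransom_notes": notes,
        # Alert only when both artifacts are present: a lone renamed file is not enough.
        "alert": share >= MASS_RENAME_THRESHOLD and bool(notes),
    }


# Constructed sample directory listing; the suffix format is a placeholder, not ALVIN's real one.
SAMPLE_FILES = [
    "budget.xlsx.id-7F3A2C.locked",
    "thesis.docx.id-7F3A2C.locked",
    "holiday.jpg.id-7F3A2C.locked",
    "notes.pdf",          # untouched media file
    "setup.exe",          # not a media file, not counted
    "HOW_TO_RECOVER.txt",
]

# Constructed note body mirroring the traits the article describes: Bitcoin, no fixed price.
SAMPLE_TEXTS = {
    "HOW_TO_RECOVER.txt": (
        "Your files have been encrypted. Write to us to buy the decryptor. "
        "Payment is accepted in Bitcoin only; the price depends on how fast you reply."
    ),
}

if __name__ == "__main__":
    print(assess_directory(SAMPLE_FILES, SAMPLE_TEXTS))
```

The two signals are deliberately combined: backup jobs and archivers also rename files in bulk, and legitimate README files mention encryption, so either signal alone would fire on ordinary activity. Detection after the fact does not recover the files, which is why the article's backup advice is the real control; this check is for catching an infection early and confirming what happened.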

Preferable Options for Saving Data without Paying Unknown Prices

Since the ALVIN Ransomware's genealogy requires further exploration, victims may consider submitting samples of relevant e-mails, executable files, etc., to reputable security researchers. Until its identity receives confirmation, malware experts recommend assuming that decryption isn't possible without the attacker's help – which he or she may or may not provide after taking the Bitcoin ransom. All users should prepare backups of their files on other devices in case of emergency recovery scenarios and not depend on local backups, such as the Restore Points, which a Trojan may compromise irrevocably.

Users also should maintain strong passwords that can prevent account hijackings through brute-force 'hacks.' More-likely-than-usual infection vectors for threats of this type include e-mail attachments, such as news reports, epidemic guidelines, or invoices, which carry macros with embedded exploits. Users also should steer clear of illicit media and scan any downloads before opening them.

Although detection rates across the industry aren't verified yet, credible anti-malware services should block and remove the ALVIN Ransomware. Readers should remember that removing an infection doesn't reverse the file-blocking encryption, which is why preventing it is so urgent.

The ALVIN Ransomware might be a mystery as far as its origins are concerned, but it behaves the same as any well-maintained threat that runs a business off extortion. Users can either protect their files or roll the dice and hope they don't end up on 'snake eyes.'
