Alcatraz Locker Remove and Restore .Alcatraz Files

Ransomed.html is the file left behind for victims whose files have been encrypted by the new Alcatraz Locker ransomware. The virus appends the .alcatraz file extension to the encrypted files and is particularly dangerous because it may slither onto your computer via a fake phishing web page. Once the infection has completed, the ransomware immediately drops its .html ransom note, which leads to a notification giving users a deadline to pay 0.50 BTC in ransom. Anyone infected by Alcatraz Locker should focus on immediately removing the malware and should read this article for more information on how to restore the encrypted files.

Threat Summary

Name: Alcatraz Locker
Type: Ransomware
Short Description: Alcatraz Locker uses a strong cipher to encrypt the files of the infected computer and leaves a 7-day deadline to pay 0.50 BitCoins.
Symptoms: The user may find a ransom note with instructions in the form of a ransomed.html file, which leads to instructions and a payment page where the user is asked to pay in BitCoin. The file extension .alcatraz is added to the encrypted files.
Distribution Method: Via an exploit kit, a DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated form.
Detection Tool: See if your system has been affected by Alcatraz Locker.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does Alcatraz Locker Spread

To cause a maximum number of infections, Alcatraz Locker ransomware uses an advanced combination of tools that increase the likelihood of a successful infection. These tools may be:

  • Malware obfuscators.
  • JavaScript malware.
  • File Joiners.
  • Spam bots.
  • Trojan.Downloaders.

Once Alcatraz Locker has been installed onto a user computer, the virus has been reported to connect to a remote server and may download the malicious payload via one of the below-mentioned protocols:

  • HTTP.
  • TCP.
  • UDP.

What Does Alcatraz Locker Do?

After infection by Alcatraz Locker has completed, the virus may begin to cause several different issues on the infected computer. For instance, the machine’s screen may flash, errors might be displayed via several different messages and so on and so forth.

As soon as the infection process is complete, Alcatraz Locker may have dropped multiple files in several Windows folders:

  • %AppData%
  • %Startup%
  • %System32%
  • %Windows%

After this, the virus may have modified registry entries that make its encryption support module run every time Windows starts. The usual registry sub-keys that make this possible are the Run and RunOnce keys, located under these two keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
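A defender's check for the persistence described above, added here as an example and not code from the original article: it parses the text that `reg query` prints for the Run and RunOnce keys of both hives (a constructed sample is embedded), expands %VAR% tokens with a constructed environment mapping, and flags entries that launch from a user-writable folder or reuse a well-known system binary name outside %Windows%. Every value name and path in the sample is made up.

```python
import re

# Constructed sample of what `reg query <hive>\...\CurrentVersion\Run` and
# `...\RunOnce` print on a hypothetical infected host; all names/paths are made up.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    %APPDATA%\svchost.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Locker            REG_SZ           "C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locker_payload.exe"
"""
# Constructed environment of the sample host (offline stand-in for os.environ).
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming", "WINDIR": r"C:\Windows"}

USER_WRITABLE = ("\\appdata\\", "\\startup\\", "\\temp\\")
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}

def expand(path, env):
    # Expand %VAR% tokens from the mapping; variable names are case-insensitive
    return re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)

def parse_reg_query(text):
    """Yield (key, value_name, data) triples from `reg query` output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line is a key path
            key = line.strip()
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)  # name, type, data
        if key and len(parts) == 3:
            yield key, parts[0], parts[2]

def exe_path(data):
    # First token of the command line: a quoted path, or text up to the first space
    m = re.match(r'"([^"]+)"|(\S+)', data.strip())
    return (m.group(1) or m.group(2)) if m else data

def triage_autoruns(text, env):
    """Return autorun entries worth a second look, each with the reasons."""
    windir = env.get("WINDIR", r"C:\Windows").lower() + "\\"
    findings = []
    for key, name, data in parse_reg_query(text):
        path = expand(exe_path(data), env)
        low = path.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("launches from a user-writable folder")
        if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not low.startswith(windir):
            reasons.append("system binary name outside %Windows%")
        if reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings
```

A legitimate program installed under AppData (OneDrive in the sample) is flagged too; the output is a review list, not a verdict.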

After the virus has set itself up, it uses several different techniques to render the user's files unopenable. More specifically, Alcatraz Locker may apply a cryptographically strong encryption algorithm to render the files inaccessible. For the encryption, Alcatraz Locker may attack several different types of files, primarily videos, music, audio files, images and others. Here is an example of commonly used file extensions to help you understand better what types of files Alcatraz Locker may encipher:

“.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ .BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com

After the encryption process has completed, the files have a blank icon and the .alcatraz file extension appended to them, for example:

[Image: an encrypted file carrying the .alcatraz extension]

The ransomware also leaves an HTML file named “ransomed.html”, which contains the following notification to the user:

“ALL YOUR DATA ARE ENCRYPTED.
Pay 0.5 BTC at {Cyber-criminals bitcoin address}
Your ID: User unique ID.
Q&A
Q: What’s happens?
A: You have been infected by a Alcatraz Locker
Q: What I have to do now?
A: The only method to get back your document is to pay.”
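An incident-response inventory of what the encryption described above leaves behind, added as an example that is not from the original article: it walks a directory tree for files carrying the appended .alcatraz extension and for ransomed.html notes, recovers the original extension of each hit file, and measures byte entropy to separate genuinely enciphered content from files that were merely renamed. The directory layout is constructed in a temporary folder; no real sample is involved.

```python
import math
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".alcatraz"   # extension the ransomware appends
NOTE_NAME = "ransomed.html"   # ransom note dropped next to the files

def shannon_entropy(data):
    """Bits per byte; content from a strong cipher sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_for_alcatraz(root, sample_bytes=4096, min_entropy=7.5):
    """Inventory .alcatraz files and ransomed.html notes under root."""
    report = {"encrypted": [], "low_entropy": [], "notes": [], "by_original_ext": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            low = fname.lower()
            if low == NOTE_NAME:
                report["notes"].append(full)
            elif low.endswith(ENCRYPTED_EXT):
                original = fname[: -len(ENCRYPTED_EXT)]          # strip the appended extension
                report["by_original_ext"][os.path.splitext(original)[1].lower() or "(none)"] += 1
                with open(full, "rb") as fh:
                    head = fh.read(sample_bytes)
                # A renamed file whose bytes are still readable was not really encrypted
                bucket = "encrypted" if shannon_entropy(head) >= min_entropy else "low_entropy"
                report[bucket].append(full)
    return report

def build_sample_tree():
    """Constructed sample profile for the demo; random bytes stand in for ciphertext."""
    root = tempfile.mkdtemp(prefix="alcatraz_demo_")
    layout = {
        "Documents/report.docx.alcatraz": os.urandom(4096),
        "Documents/ransomed.html": b"<html>ALL YOUR DATA ARE ENCRYPTED.</html>",
        "Pictures/holiday.jpg.alcatraz": os.urandom(4096),
        "Pictures/cat.JPG.alcatraz": os.urandom(4096),
        "Pictures/notes.txt.alcatraz": b"plain text, only renamed\n" * 40,
        "Pictures/ransomed.html": b"<html>ALL YOUR DATA ARE ENCRYPTED.</html>",
        "Pictures/readme.txt": b"untouched",
    }
    for rel, content in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root
```

On a real host, point scan_for_alcatraz at the user profile; the low_entropy bucket deserves a second look because those files may still be intact under the new name.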

The victim is then led to an online payment page:

[Image: the Alcatraz Locker online payment page]

Remove Alcatraz Locker and Try To Restore Encrypted Files

In order to remove this ransomware and recover your files, you won't have to pay the ransom. Researchers are always working on discovering new decryptors for ransomware viruses by cracking them, which is why we advise you to wait for a decryptor; we will update this web page if one is released.

In the meantime you can remove Alcatraz yourself and look for alternative methods to restore your files by reading the file restoration and removal instructions below. You may remove this virus manually, but if you lack the experience it is advisable to do it automatically, using advanced anti-malware software, for maximum safety.

Manually delete Alcatraz Locker from your computer

Note! Important notice about the Alcatraz Locker threat: manual removal of Alcatraz Locker requires interference with system files and the registry, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don't worry. You can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove Alcatraz Locker files and objects
2. Find malicious files created by Alcatraz Locker on your PC

Automatically remove Alcatraz Locker by downloading an advanced anti-malware program

1. Remove Alcatraz Locker with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Alcatraz Locker
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with a passion for discovering new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
