Ransomed.html – this is the file, victims whose files have been encrypted by the new Alcatraz Locker ransomware virus. The virus appends the .alcatraz file extension to the encrypted files and it is particularly dangerous, because it may slither onto your computer via fake phishing web page. After infection has been completed, the ransomware virus immediately begins to drop it’s .html ransom note which leads to the notification giving users a deadline to pay the sum of 0.50 BTC in ransom payoff. Anyone who has been infected by Alcatraz Locker should focus on immediately removing the malware themselves and read this article for more information on how to revert the encrypted files.
|Short Description||Alcatraz Locker uses a strong cipher to encrypt files of the infected computers and leave 7 days deadline to pay 0.50 BitCoins.|
|Symptoms||The user may witness ransom note with instrucions as a ransomed.html type of file which leads to instructions and a payment page where the user should pay in BitCoin. The file extension .alcatraz is added to the encrypted files.|
|Detection Tool||See If Your System Has Been Affected by Alcatraz Locker.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
How Does Alcatraz Locker Spread
To cause a maximum number of infections, Alcatraz Locker ransomware uses advanced combination of tools that increase the likelihood of a successful infection process. These tools may be:
- Malware obfuscators.
- File Joiners.
- Spam bots.
Once Alcatraz Locker has been installed onto a user computer, the virus has been reported to connect to a remote server and may download the malicious payload via one of the below-mentioned protocols:
What Does Alcatraz Locker Do?
After infection by Alcatraz Locker has completed, the virus may begin to cause several different issues on the infected computer. For instance, the machine’s screen may flash, errors might be displayed via several different messages and so on and so forth.
As soon as the infection process is complete, Alcatraz Locker may have multiple files in several Windows folders:
After this, the virus may have modified registry entries that make it’s encryption support module run every time Windows has started. The usual registry sub-keys that can make this achievable are the Run and RunOnce keys, located in two Keys:
After the virus has set up, it uses several different techniques to render the user files no longer openable. More specifically, Alcatraz Locker may append a cryptographically strong encryption algorithm to render the files no longer accessible. For the encryption, Alcatraz Locker may attack several different types of files, primarily videos, music, audio files, images and others. Here is an example of commonly used file extensions to help you understand better what type of files Alcatraz Locker may encipher:
After the encryption process has completed, the files have a blank icon and have the .alcatraz file extension appended to them, for example:
The ransomware also leaves an html file, named “ransomed.html” which contains the following notification towards the user:
The victim is then led to an online payment page:
Remove Alcatraz Locker and Try To Restore Encrypted Files
In order to remove this ransomware and recover your files you won’t have to pay the ransom. Researchers are always working on discovering new decryptors for ransomware viruses by cracking them and this is why we advise you to wait for a decryptor as we will update this web page if it is realeased.
In the meantime you can remove Alcatraz yourself and look for alternative methods to restore your files by reading the file restoring and removal instructions below. Furthermore, you may remove this virus manually but it Is advisable if you lack the experience to do it automatically for maximum safety using an advanced anti-malware software.