Alcatraz Locker Remove and Restore .Alcatraz Files - How to, Technology and PC Security Forum

Ransomed.html is the file seen by victims whose files have been encrypted by the new Alcatraz Locker ransomware virus. The virus appends the .alcatraz file extension to the encrypted files and is particularly dangerous because it may slither onto your computer via a fake phishing web page. After the infection has completed, the ransomware immediately drops its .html ransom note, which leads to a notification giving users a deadline to pay 0.50 BTC in ransom. Anyone who has been infected by Alcatraz Locker should focus on immediately removing the malware themselves and read this article for more information on how to revert the encrypted files.

Threat Summary


Name: Alcatraz Locker

Short Description: Alcatraz Locker uses a strong cipher to encrypt the files on infected computers and leaves a 7-day deadline to pay 0.50 BitCoins.
Symptoms: The user may see a ransom note with instructions in a ransomed.html file, which leads to instructions and a payment page where the user is asked to pay in BitCoin. The file extension .alcatraz is added to the encrypted files.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool: See If Your System Has Been Affected by Alcatraz Locker.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does Alcatraz Locker Spread

To cause the maximum number of infections, Alcatraz Locker ransomware uses an advanced combination of tools that increase the likelihood of a successful infection. These tools may be:

  • Malware obfuscators.
  • JavaScript malware.
  • File Joiners.
  • Spam bots.
  • Trojan.Downloaders.

Once Alcatraz Locker has been installed on a user's computer, the virus has been reported to connect to a remote server and may download the malicious payload via one of the protocols below:

  • HTTP.
  • TCP.
  • UDP.

What Does Alcatraz Locker Do?

After infection by Alcatraz Locker has completed, the virus may begin to cause several different issues on the infected computer. For instance, the machine’s screen may flash, errors might be displayed via several different messages and so on.

As soon as the infection process is complete, Alcatraz Locker may have placed multiple files in several Windows folders:

  • %AppData%
  • %Startup%
  • %System32%
  • %Windows%

After this, the virus may have modified registry entries that make its encryption support module run every time Windows starts. The usual registry sub-keys that can make this achievable are the Run and RunOnce keys, located in two Keys:


After the virus has set itself up, it uses several different techniques to render the user's files no longer openable. More specifically, Alcatraz Locker may apply a cryptographically strong encryption algorithm to render the files no longer accessible. For the encryption, Alcatraz Locker may attack several different types of files, primarily videos, music, audio files, images and others. Here is an example of commonly used file extensions to help you understand better what type of files Alcatraz Locker may encipher:


After the encryption process has completed, the files have a blank icon and have the .alcatraz file extension appended to them, for example:


The ransomware also leaves an HTML file named “ransomed.html”, which contains the following notification to the user:

Pay 0.5 BTC at {Cyber-criminals bitcoin address}
Your ID: User unique ID.
Q: What’s happens?
A: You have been infected by a Alcatraz Locker
Q: What I have to do now?
A: The only method to get back your document is to pay.”
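
A read-only scoping check built from the two indicators described above (the .alcatraz extension and the ransomed.html note), added here as an example and not taken from the original article. It assumes the extension follows the full original file name and that the malware left file modification times intact; `assess_scope` is a name chosen for this example.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".alcatraz"  # extension the article says is appended
NOTE_NAME = "ransomed.html"  # ransom note file name given in the article

def assess_scope(root):
    """Read-only walk of `root`; returns counts, note paths and a time window."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                try:
                    encrypted.append((path, os.stat(path).st_mtime))
                except OSError:
                    continue  # unreadable or removed mid-scan; skip it
    # Assumption: ".alcatraz" follows the full original name, so stripping it
    # exposes the original extension (photo.jpg.alcatraz -> .jpg).
    by_type = Counter(
        os.path.splitext(os.path.basename(p)[: -len(ENCRYPTED_EXT)])[1].lower()
        or "(none)"
        for p, _ in encrypted
    )
    by_dir = Counter(os.path.dirname(p) for p, _ in encrypted)
    times = [m for _, m in encrypted]
    return {
        "encrypted_count": len(encrypted),
        "ransom_notes": sorted(notes),
        "by_original_type": dict(by_type),
        "worst_directories": by_dir.most_common(5),
        # Assumption: mtimes are untampered, so they bracket the encryption run.
        "first_write": min(times) if times else None,
        "last_write": max(times) if times else None,
    }

if __name__ == "__main__":
    report = assess_scope(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key in ("first_write", "last_write"):
        if report[key] is not None:
            ts = datetime.fromtimestamp(report[key], timezone.utc)
            report[key] = ts.isoformat()
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a copy or a mounted image of the affected volume so the count, the per-type breakdown and the time window can be compared with the available backups before any cleanup changes the evidence.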

The victim is then led to an online payment page:


Remove Alcatraz Locker and Try To Restore Encrypted Files

You do not have to pay the ransom in order to remove this ransomware and recover your files. Researchers are always working on discovering new decryptors for ransomware viruses by cracking them, which is why we advise you to wait for a decryptor; we will update this web page if one is released.

In the meantime, you can remove Alcatraz yourself and look for alternative methods to restore your files by reading the file restoring and removal instructions below. Furthermore, you may remove this virus manually, but if you lack the experience it is advisable to do it automatically, for maximum safety, using advanced anti-malware software.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
