Alcatraz Locker Remove and Restore .Alcatraz Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Alcatraz Locker Remove and Restore .Alcatraz Files


Ransomed.html – this is the file seen by victims whose files have been encrypted by the new Alcatraz Locker ransomware virus. The virus appends the .alcatraz file extension to the encrypted files and it is particularly dangerous, because it may slither onto your computer via a fake phishing web page. After the infection has been completed, the ransomware virus immediately drops its .html ransom note, which leads to a notification giving users a deadline to pay the sum of 0.50 BTC in ransom payoff. Anyone who has been infected by Alcatraz Locker should focus on immediately removing the malware and read this article for more information on how to revert the encrypted files.

Threat Summary

Name: Alcatraz Locker
Type: Ransomware
Short Description: Alcatraz Locker uses a strong cipher to encrypt files on infected computers and leaves a 7-day deadline to pay 0.50 BitCoins.
Symptoms: The user may see a ransom note with instructions, a ransomed.html file, which leads to instructions and a payment page where the user should pay in BitCoin. The file extension .alcatraz is added to the encrypted files.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does Alcatraz Locker Spread

To cause a maximum number of infections, Alcatraz Locker ransomware uses an advanced combination of tools that increase the likelihood of a successful infection process. These tools may be:

  • Malware obfuscators.
  • JavaScript malware.
  • File Joiners.
  • Spam bots.
  • Trojan.Downloaders.

Once Alcatraz Locker has been installed on a user's computer, the virus has been reported to connect to a remote server and may download the malicious payload via one of the protocols listed below:

  • HTTP.
  • TCP.
  • UDP.

What Does Alcatraz Locker Do?

After infection by Alcatraz Locker has completed, the virus may begin to cause several different issues on the infected computer. For instance, the machine’s screen may flash, errors might be displayed via several different messages and so on and so forth.

As soon as the infection process is complete, Alcatraz Locker may have placed multiple files in several Windows folders:

  • %AppData%
  • %Startup%
  • %System32%
  • %Windows%

After this, the virus may have modified registry entries so that its encryption support module runs every time Windows starts. The registry sub-keys usually used to achieve this are the Run and RunOnce keys, located under two keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

After the virus has set itself up, it uses several different techniques to render the user's files no longer openable. More specifically, Alcatraz Locker may apply a cryptographically strong encryption algorithm to render the files no longer accessible. For the encryption, Alcatraz Locker may attack several different types of files, primarily videos, music, audio files, images and others. Here is an example of commonly used file extensions to help you better understand what types of files Alcatraz Locker may encipher:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source:fileinfo.com

After the encryption process has completed, the files have a blank icon and have the .alcatraz file extension appended to them, for example:

[Image: a file encrypted by Alcatraz Locker]

The ransomware also leaves an HTML file named “ransomed.html”, which contains the following notification to the user:

“ALL YOUR DATA ARE ENCRYPTED.
Pay 0.5 BTC at {Cyber-criminals bitcoin address}
Your ID: User unique ID.
Q&A
Q: What’s happens?
A: You have been infected by a Alcatraz Locker
Q: What I have to do now?
A: The only method to get back your document is to pay.”

The victim is then led to an online payment page:

[Image: Alcatraz Locker payment page]
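
An added triage example (not from the original article or any tool it mentions): a read-only Python scan that counts files carrying the .alcatraz extension, locates ransomed.html notes, and reports which directories and original file types were hit. The function names and the sample tree are constructed for illustration, and treating file modification times as the encryption window is an assumption.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".alcatraz"  # extension the article says is appended
NOTE_NAME = "ransomed.html"  # ransom note file name from the article


def triage(root):
    """Read-only walk. Assumption: mtime marks when each file was rewritten."""
    encrypted, notes, untouched = [], [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_EXT):  # Windows names are case-insensitive
                encrypted.append(path)
            elif name.lower() == NOTE_NAME:
                notes.append(path)
            else:
                untouched += 1
    mtimes = [p.stat().st_mtime for p in encrypted]
    return {
        "encrypted": len(encrypted),
        "untouched": untouched,
        "notes": sorted(str(p) for p in notes),
        "dirs": Counter(str(p.parent) for p in encrypted),
        "lost_types": Counter(  # type before the extension was appended
            Path(p.name[: -len(ENCRYPTED_EXT)]).suffix.lower() for p in encrypted),
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }


def build_sample_tree(root):
    """Constructed sample data: file names and mtimes only, no real malware output."""
    files = {"docs/report.docx.alcatraz": 1000, "docs/notes.TXT.ALCATRAZ": 1060,
             "pics/cat.jpg.alcatraz": 1030, "pics/dog.jpg": 500, "docs/ransomed.html": 1100}
    for rel, mtime in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Point triage() at a user profile or share root; a backup taken before the start of the reported window is the candidate for restoring the listed file types.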

Remove Alcatraz Locker and Try To Restore Encrypted Files

In order to remove this ransomware and recover your files, you won’t have to pay the ransom. Researchers are always working on discovering new decryptors for ransomware viruses by cracking them, which is why we advise you to wait for a decryptor; we will update this web page if one is released.

In the meantime, you can remove Alcatraz yourself and look for alternative methods to restore your files by reading the file restoring and removal instructions below. You may remove this virus manually, but if you lack the experience it is advisable to do it automatically, using advanced anti-malware software, for maximum safety.


To remove Alcatraz Locker follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Alcatraz Locker files and objects
2. Find files created by Alcatraz Locker on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Alcatraz Locker

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in the basic education of every user towards online safety.
