Fjern Alfa Ransomware og gendannelse .bin krypterede filer - Hvordan, Teknologi og pc-sikkerhed Forum | SensorsTechForum.com
TRUSSEL FJERNELSE

Fjern Alfa Ransomware og gendannelse .bin krypterede filer

1 Star2 Stars3 Stars4 Stars5 Stars (Ingen stemmer endnu)
Loading ...

Alfa-decryptor-sensorstechforum-ransomwareNy løsesum virus, bærer navnet Alfa har optrådt. Det bruger en stærk cipher til at kryptere filer tilføje .bin-fil udvidelse til dem og gør dem ikke længere tilgængelig. For at genoprette adgangen til filerne, Alfa demands via a ransom message the sum of 1.5 BTC from its victims to buy a so-called Alfa Decryptor. This ransomware spreads via a malicious executable and all users who have been infected should be advised not to pay any money to cyber-criminals. I stedet, it is strongly recommended to try removing the malware with the instructions provided in this article and try our suggested alternative solutions to attempt restoring the damage done by Alfa Ransomware.

Trussel Summary

Navnalfa
TypeRansomware
Kort beskrivelseThe ransomware encrypts files using a strong encryption and asks for 1 til 1.5 BTC i løsesum payoff.
SymptomerFiles are encrypted and become inaccessible and the .bin file extensions added. Ransom note files appear as .TXT and .HTML files.
DistributionsmetodeSpam e-mails, Vedhæftede filer
Værktøj Detection See If Your System Has Been Affected by Alfa

Hent

Værktøj til fjernelse af malware

BrugererfaringTilmeld dig vores forum til Discuss Alfa Ransomware.
Data Recovery ToolWindows Data Recovery af Stellar Phoenix Varsel! Dette produkt scanner dine drev sektorer til at gendanne mistede filer, og det kan ikke komme sig 100% af de krypterede filer, men kun få af dem, afhængigt af situationen og uanset om du har omformateret drevet.

Alfa Ransomware’s Distribution Methods

If it is to be widespread and infect maximum amount of users, Alfa Ransomware has to have a very powerful distribution technique. This is why it may use massively spread spam message campaigns to distribute its malicious files. The spam campaign may include the distribution of various files attached to e-mails that seem legitimate. An example of topics of spam e-mails which have the malicious payload of Alfa Ransomware are:

  • “Your confirmation mail.”
  • “Your free software installation.”
  • “Payment confirmation.”
  • "Din konto er blevet suspenderet."

Upon opening the malicious attachment in the e-mail, the user may open an exploit kit or a Trojan.Downloader which is obfuscated to conceal itself from real-time shields of antivirus programs. To prevent further infections, it may be a good solution to download second generation cloud-based antivirus-software, lignende Heimdal Pro, for eksempel.

Alfa Ransomware – In Depth Analysis

As soon as a computer has been infected by Alfa Ransomware, it gives the virus the permissions to create its malicious files:

  • In %UserProfile%\AppData\Roaming\Microsoft\Essential\, the file msestl32.exe
  • README HOW TO DECRYPT YOUR FILES.HTML
  • README HOW TO DECRYPT YOUR FILES.TXT

Pretending to be Microsoft Essentials free antivirus security software, Alfa Ransomware also creates registry entries so that it runs everytime Windows is booted up:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MSEstl “%UserProfile%\AppData\Roaming\Microsoft\Essential\msestl32.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\ {random value string}

As soon as the encryptor (msestl32.exe) is ran on the infected computer, Alfa Ransomware starts to scan the computer and encrypt the files in it. It looks for videos, lydfiler, databaser, different document file formats, etc. The file extensions that may be affected could be the following:

→ .c, .h, .m, .til, .cs, .db, .nd, .pl, .ps, .py, .rm, .3dm, .3ds, .3fr, .3g2, .3gp, .men, .ARW, .ASF, .ASX, .avi, .bag, .bugt, .cdr, .himmel, .cpp, .CR2, .crt, .CRW, .dbf, .dcr, .dds, .den, .af, .DNG, .doc, .dtd, .dwg, .dxf, .DXG, .bryst, .EPS, .ERF, .fla, .flvv, .HPP, .IIf, .JPE, .jpg, .KDC, .nøgle, .tage, .M4V, .max, .CIS, .mdf, .MEF, .mov, .mp3, .mp4, .mpg, .MRW, .msg, .kirkeskibet, .NK2, .NRW, .OAB, .obj, .ODB, .Ep, .ODM, .Svar, .afsnit, .odt, .orf'en, .ost, .p12, .p7b, .p7c, .hjælpe, .ikke, .pct, .bps, .PDD, .pdf, .PEF, .PEM, .pfx, .pps, .ppt, .PRF, .PSD, .pst, .PTX, .altoverskyggende, .QBB, .QBM, .ICBm'ere, .QBW, .qbx, .qby, .R3D, .raf, .rå, .rtf, .RW2, .RWL, .sql, .SR2, .SRF, .srt, .SRW, .svg, .swf, .tex, .tga, .THM, .pcs, .txt, .vob, .wav, .WB2, .wmv, .WPD, .WPS, .ingen, .XLK, .XLR, .xls, .lavere satser, .tilbage, .docm, .docx, .flac, .indd, .java, .jpeg, .pptm, .pptx, .xlsb, .xlsm, .XLSX Source: Hackmag.com

Ud over de, Alfa ransomware may also delete shadow volume copies, by executing a privileged command in Windows Command Prompt:

skygge-kommando-sensorstechforum-3

The encrypted files may be scrambled with either RSA or AES cipher or even both at the same time. Encrypted files’ names are changed and they are appended the .bin file extension. The name is a unique identification number for the infected computer, for eksempel:

  • 23039593.er

Efter kryptering, Alfa drops its ransom message on the compromised computer in the form of a .TXT and .HTML files:

readme-files-alfa-ransowmare-sensorstechforum

The files both have the same content:

Untitled-2

They also have instructions on how to open the page of Alfa ransomware which contains its “Alfa Decryptor” and additional instructions on how to use Tor Networking to pay the ransom:

alfa-decryptor-main-page-sensorstechforum

Alfa Ransomware – Conclusion, Fjernelse og File dekryptering

Afslutningsvis, Alfa Ransomware appears to be an entirely new ransomware virus and it may use advanced encryption. The virus may also delete backups and include a so called CBC mode which breaks the files permanently if you try to directly encrypt them. Cyber-criminals behind Alfa Ransomware have created this virus for one and only purpose – to make profit. Since by paying to them, you support the development of their operation and there may not be a guarantee that you are getting access to the files again, malware experts strongly advise against it.

If you want to fully erase Alfa Ransomware fra din computer, we urge you to follow the instructions posted after this article. They will help you find the files of this ransomware and erase them permanently. For de bedste resultater, experts advise the usage of an anti-malware program that will assist you with automatically detecting and removing all files and registry objects created by Alfa Ransomware and protect you from future infections as well.

In case you wish to decrypt your files, på dette tidspunkt, der er ingen direkte opløsning. Men, we will post an update in this article if a decryptor has been released to the public. I mellemtiden, vi råde dig til at følge trin "3. Restore files encrypted by Alfa” to help you with restoring at least some of your files. You may also use the free decryption of Alfa Ransomware’s main page to at least restore one file for free.

Avatar

Ventsislav Krastev

Ventsislav har dækket de nyeste malware, software og nyeste tech udviklinger på SensorsTechForum for 3 år nu. Han startede som en netværksadministrator. Have uddannet Marketing samt, Ventsislav har også passion for opdagelsen af ​​nye skift og innovationer i cybersikkerhed, der bliver spillet skiftere. Efter at have studeret Value Chain Management og derefter Network Administration, han fandt sin passion inden cybersecrurity og er en stærk tilhænger af grunduddannelse for alle brugere mod online sikkerhed.

Flere indlæg - Websted

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...