
Decrypt Files Encrypted by .Alcatraz Locker

This article will help you remove Alcatraz Locker ransomware and successfully decrypt your files in case they have been encrypted by this virus.

Ransomed.html is the ransom note carried by a ransomware that many in the industry know as Alcatraz Locker, which appends the .Alcatraz file extension to the encoded files. This virus is known for dropping an orange/gray notification with detailed instructions leading to a payment page where the victim is asked to pay a ransom of 0.5 BTC to get the files back.

Alcatraz Locker – More Information

In order to deal maximum damage to victims, this virus may use a sophisticated combination of malware obfuscators, JavaScript malware, file joiners, spam bots and other software to ensure successful infection. The Alcatraz Locker virus will also ensure successful communication with the Command and Control servers of the cyber-criminals via different protocols (HTTP, TCP, UDP).

Then the virus creates multiple files in key Windows folders, like

  • %AppData%
  • %Startup%
  • %System32%
  • %Windows%

Shortly after this, the Alcatraz Locker ransomware “locks” the files by applying an encryption algorithm to their bytes, which makes them seem corrupt. The encrypted files appear like the following:

To decrypt your files, we have provided instructions below, but before proceeding with them, we advise following the “Stage 1” instructions for removing Alcatraz Locker swiftly from your PC, first.

Stage 1 – Remove Alcatraz Locker

Manually delete Alcatraz Locker from your computer

Note! Important information about the Alcatraz Locker threat: Manual removal of Alcatraz Locker requires interference with system files and the registry. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Alcatraz Locker files and objects
2. Find malicious files created by Alcatraz Locker on your PC

Automatically remove Alcatraz Locker by downloading an advanced anti-malware program

1. Remove Alcatraz Locker with SpyHunter Anti-Malware Tool and back up your data

Stage 2 – Decrypt .Alcatraz Locked Files

The first thing that you have to do before decrypting files which have been encrypted by this virus is save a copy of the encrypted files somewhere else, for example on a flash drive, just in case.

Then you should download the Alcatraz Locker Decrypter from Avast by clicking on the button below:

Save the avast_decryptor_alcatrazlocker.exe somewhere where you can easily find it and open it. Then run it as an administrator. As soon as you launch it, the screen below will appear. From this screen, click on “Next”.

Then select the drive on which you want files decrypted. In case you just wish to decrypt a custom folder, you can choose the “Add Folder” (marked in orange below) option and navigate to a custom folder to decrypt it. After choosing a folder, click on the “Next” button once more:

Now you should have come to the “Add an example file” screen. This screen is where you will find an actual decryption key to decrypt the rest of the files. You should find one original file and one encrypted file with the .Alcatraz file extension.

Just like the instructions on the page say, if you cannot identify an original file and an encrypted file, do not worry. Simply find another Windows machine and look for an original file in the following folders:

For newer Windows (8, 8.1, 10):
C:\Windows\Web\Wallpaper
C:\Windows\Web\Screen
C:\Windows\Web\4K\Wallpaper\Windows\
For Windows 7 and earlier:
C:\Users\Public\Pictures
C:\Users\{Username}\Pictures
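
The two preparation steps above (copying the encrypted files elsewhere, then locating an original/encrypted pair) can be scripted. The following is an added example, not code from the author or from Avast; the function names and all paths are hypothetical, and matching by file name assumes only what the page states, that .Alcatraz is appended to the original name.

```python
import hashlib
import shutil
from pathlib import Path

EXT = ".Alcatraz"  # extension the page says is appended to encrypted files

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def is_encrypted(p: Path) -> bool:
    return p.is_file() and p.suffix.lower() == EXT.lower()

def backup_encrypted(root: Path, dest: Path) -> dict:
    """Copy every *.Alcatraz file under root to dest, keeping relative paths.
    Returns {relative path: sha256}; raises if a copy differs from its source."""
    r, d = root.resolve(), dest.resolve()
    if d == r or r in d.parents:
        raise ValueError("backup destination must be outside the scanned tree")
    manifest = {}
    for src in sorted(root.rglob("*")):
        if not is_encrypted(src):
            continue
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        digest = sha256(src)
        if sha256(target) != digest:
            raise IOError(f"backup copy differs from source: {rel}")
        manifest[rel.as_posix()] = digest
    return manifest

def find_example_pairs(root: Path, clean_dir: Path) -> list:
    """Candidate (original, encrypted) pairs: an untouched file in clean_dir
    whose name equals the encrypted file's name with EXT stripped."""
    originals = {}
    for p in clean_dir.rglob("*"):
        if p.is_file():
            originals.setdefault(p.name.lower(), p)
    pairs = []
    for enc in sorted(root.rglob("*")):
        if is_encrypted(enc):
            orig = originals.get(enc.name[: -len(EXT)].lower())
            if orig is not None:
                pairs.append((orig, enc))
    return pairs
```

A name match is only a candidate: the original must be the same file as it was before encryption, so confirm the pair by eye before giving it to the decryptor.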

After you have located the files, click on the “Next” button and the decryption sequence should commence. If you have chosen a lot of files for decryption, bear in mind that the process may take some time. This is why we advise you to set your computer to never shut down, just in case. Here are the instructions for this:

1. Click once on the icon for the power (battery icon) in your system tray that is located next to your clock in the bottom right. After this, a menu will appear and on it click on More Power Options.
2. After the Power Options menu shows up, click on Change Plan Settings to open the settings.
3. In there, make sure you set everything from “Turn off the display” to “Put Computer to Sleep” in all modes to “Never”.
4. Now go to “Change Advanced Plan Settings” and go to the expanding “Hard Disk” setting from the list and set its settings to “Never” as well.

Alcatraz Locker Ransomware Decryption – Conclusion

As a bottom line, you can be happy if you have decrypted your files and feel lucky too. Many ransomware victims are still on the line and waiting for decryptors to be released. However, not every ransomware virus has flaws in its encryption code. This is why you should make sure to know how to protect your data in the future. We advise reading the following related article:

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
