Ransomed.html is the ransom note, carried by a ransomware many in the industry know as Alcatraz Locker which appends the .Alcatraz file extension to the encoded files. This virus is known as dropping an orange/gray notification with detailed instructions leading to a payment page where the victim is demanded to pay the sum of 0.5 BTC ransom to get the files back.
Alcatraz Locker – More Information
Then the virus creates multiple files in key Windows folders, like
Shortly after this, the Alcatraz Locker ransomware “locks” the files by appending encryption algorithm on bytes of their code which makes them seem corrupt. The encrypted files appear like the following:
To decrypt your files, we have provided instructions below, but before proceeding with them, we advise following the “Stage 1” instructions for removing Alcatraz Locker swiftly from your PC, first.
Stage 1 – Remove Alcatraz Locker
Manually delete Alcatraz Locker from your computer
Note! Substantial notification about the Alcatraz Locker threat: Manual removal of Alcatraz Locker requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
Automatically remove Alcatraz Locker by downloading an advanced anti-malware program
Stage 2 – Decrypt .Alcatraz Locked Files
The first thing that you have to do when decrypting files which have been encrypted by this virus is save the encrypted files in a copy, somewhere else, for example on a flash drive, just in case.
Then you should download the Alcatraz Locker Decrypter from Avast by clicking on the button below:
Save the avast_decryptor_alcatrazlocker.exe somewhere where you can easily find it and open it. Then run it as an administrator. As soon as you launch it, the screen below will appear. From this screen, click on “Next”.
Then select the drive in which you want files decrypted. In case you just wish to decrypt a custom folder, you can chose the “Add Folder”(marked in orange below) option and navigate to a custom folder to decrypt it. After choosing a folder, click on the “Next” button once more:
Now you should have come to “Add an example file” screen. This screen is where you will find an actual decryption key to decrypt the rest of the files. You should find one original file and one encrypted file with the .Alcatraz file extension.
Just like the instructions on the page say, if you cannot identify an original file and an encrypted file , do not worry. Simply find another Windows machine and look for original file in the following folders:
For newer Windows (8, 8.1, 10):
For Windows 7 and earlier:
After you have located the files, click on the “Next” button and the decryption sequence should commence. If you have chosen a lot of files for decryption, bear in mind that the process may take some time. This is why we advise you to set your computer to never shut down, just in case. Here are the instructions for this:
1-Click once on the icon for the power (battery icon) in your system tray that is located next to your clock in the bottom right. After this, a menu will appear and on it click on More Power Options.
2-After the Power Options menu shows up, click on Change Plan Settings to open the settings.
3-In there, make sure you set everything from “Turn off the display” to “Put Computer to Sleep” in all modes to “Never”.
4-Now go to “Change Advanced Plan Settings” and go to the expanding “Hard Disk” setting from the list and set it’s settings to “Never” as well.
Alcatraz Locker Ransomware Decryption – Conclusion
As a bottom line, you can be happy if you have decrypted your files and feel lucky too. Many ransomware victims are still on the line and waiting for decryptors to be released. However, not every ransomware virus has flaws in their encryption code. This is why you should make sure to know how to protect your data in the future. We advise reading the following related article: