Remove Alphabet Ransomware and Restore Your Files

This article will help you remove the Alphabet ransomware completely. Follow the ransomware removal instructions given at the end of the article.

Alphabet ransomware is a cryptovirus that also functions as a lockscreen. At first, the ransomware presents itself as an update for Windows 10. An older version of the virus contained the code to unlock the screen, but newer ones do not and encrypt your files as well. After your files become encrypted, the Alphabet cryptovirus displays a ransom message on a lockscreen, demanding that you purchase a decryption key. Keep reading to see in what ways you could try to restore some of your data.

Threat Summary

Short Description: The ransomware encrypts files on your computer and displays a ransom message afterward.
Symptoms: The ransomware will encrypt your files and put a lockscreen on your desktop preventing you from using it. It is masked as a Windows 10 update.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Alphabet Ransomware – Delivery Tactics

Alphabet ransomware could be delivered via different tactics. First of all, the .NET Framework 4.5.2 service might be required for the payload file of the virus to be able to run. The payload file that initiates the malicious script for the ransomware is built in a clever way. Clever, because when executed, the ransomware presents itself as an update for Windows 10.

Alphabet ransomware might also deliver that payload file through social media sites and file-sharing networks. Freeware programs found on the Web might be promoted as useful but could also be hiding the malicious script for the cryptovirus. Don’t open files right after you have downloaded them, especially if they come from dubious sources, links or e-mails. Better yet, you should first scan them with a security tool. Moreover, you should check the size and signatures of each of these files for anything that seems out of place. You might want to read the ransomware prevention tips thread in the forum section of our site.

Alphabet Ransomware – In-Depth Analysis

Alphabet ransomware is a cryptovirus with a lockscreen function, and it seems that it is still in development. However, that doesn’t stop it from being active, encrypting users’ files and using the lockscreen function to its full extent.

Alphabet ransomware could make entries in the Windows Registry to achieve persistence. Those registry entries are usually designed in a way that will start the virus automatically with each launch of the Windows Operating System.

The ransom note will appear right after the encryption process is done. The note states what the demands of the cybercriminals are for decrypting your files.

That ransom note reads the following:

Your computer has been struck by the Alphabet Ransomware. All your documents are encrypted with the strongest encryption algorithms.
There is no way to decrypt your files without purchasing a special decryption key and typing it here.
If you will kill this application, the decryption key will be destroyed aswell
and NO ONE will be able to decrypt your files.

Decryption code:
Your files were encrypted on 13:55:00

In case you got an older version, you will have it in red, and instead of the phrase “Your files were encrypted on”, you will get another one as the ending of the ransom note:

That part of the note contains the code with which you can remove the screenlocker and states the following:

Since this is a debug version, here is your key … :/

The cybercriminals who are behind the Alphabet virus have laid out their demands in the ransom message. However, you should NOT contact them under any circumstance or pay them. There is no guarantee that your files will get recovered, and nobody could give you that guarantee. Also, giving money to those crooks will likely just support them financially and probably give them a bigger motivation to further develop their ransomware or do more criminal acts.

Currently, there is no list with file extensions that the Alphabet ransomware seeks to encrypt. The article will be updated if there is anything new in that regard or a new version of the ransomware is found that reveals more details.

The Alphabet cryptovirus probably also seeks to delete the Shadow Copies from the Windows operating system by using the following command:

→vssadmin.exe delete shadows /all /Quiet
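
As an added example (not from the original article and not taken from the malware), the following Python code shows one way a defender could flag that command in process-creation logs. The log format, host names, PIDs and timestamps are constructed for illustration, and the matcher goes beyond the exact string above to cover a full path, different letter case and a launch through cmd.exe.

```python
import re

# Constructed sample process-creation records (not from a real incident).
# Assumed format: "<time> host=<name> pid=<n> cmd=<full command line>"
SAMPLE_LOG = r'''
2017-01-10T13:54:58Z host=WS01 pid=4120 cmd="C:\Users\bob\Downloads\update.exe"
2017-01-10T13:54:59Z host=WS01 pid=4188 cmd=vssadmin.exe delete shadows /all /Quiet
2017-01-10T13:55:01Z host=WS02 pid=902 cmd="C:\Windows\System32\VSSADMIN.EXE"  Delete  Shadows /For=C: /quiet
2017-01-10T13:55:03Z host=WS03 pid=77 cmd=cmd.exe /c vssadmin delete shadows /all
2017-01-10T13:56:00Z host=WS01 pid=4301 cmd=vssadmin.exe list shadows
2017-01-10T13:57:00Z host=WS04 pid=15 cmd=notepad.exe "C:\notes\vssadmin delete shadows.txt"
'''

TOKEN = re.compile(r'"[^"]*"|\S+')   # a quoted string or a run of non-spaces
RECORD = re.compile(r'^(\S+) host=(\S+) pid=(\d+) cmd=(.*)$')

def shadow_delete_flags(cmdline):
    """Return the set of /flags if cmdline runs 'vssadmin delete shadows', else None."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    for i, tok in enumerate(tokens):
        # Compare only the executable's base name, case-insensitively, so a
        # full path or VSSADMIN.EXE is treated the same as plain vssadmin.
        name = re.split(r'[\\/]', tok)[-1].lower()
        if name.endswith('.exe'):
            name = name[:-4]
        verbs = [t.lower() for t in tokens[i + 1:i + 3]]
        if name == 'vssadmin' and verbs == ['delete', 'shadows']:
            return {t.lower() for t in tokens[i + 3:] if t.startswith('/')}
    return None

def find_shadow_deletions(log_text):
    """Return one dict per log record that deletes shadow copies."""
    hits = []
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # blank or malformed line
        when, host, pid, cmd = m.groups()
        flags = shadow_delete_flags(cmd)
        if flags is not None:
            hits.append({'time': when, 'host': host, 'pid': int(pid),
                         'all': '/all' in flags, 'quiet': '/quiet' in flags})
    return hits

if __name__ == '__main__':
    for hit in find_shadow_deletions(SAMPLE_LOG):
        print(hit)
```

Tokenizing the command line instead of searching for a substring keeps the harmless `list shadows` call and the quoted file name in the last record from raising an alert.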

Continue reading and find out what methods you can try out to restore some of your files.

Remove Alphabet Ransomware and Restore Your Files

If your computer got infected with the Alphabet ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it has the chance to spread further and infect other computers. You should remove the ransomware by following the step-by-step instructions provided below.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
