Remove Red Alert Virus and Restore .locked Files

Remove Red Alert Virus and Restore .locked Files

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article aims to aid you in removing Red Alert virus fully. Follow the ransomware removal instructions at the end of the article.

Red Alert virus is a ransomware that gets its name from the ransom note it generates. The cryptovirus will encrypt your files and put the extension .locked to each and every one of them. The encryption algorithm that is used is AES. Researchers believe that it is a variant of HiddenTear. To see how you can try to restore your files read the article carefully.

Threat Summary

NameRed Alert
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware will encrypt your files and afterward display a ransom note with instructions for payment.
SymptomsThe ransomware will encrypt your files and put the extension .locked to each one of them.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Red Alert


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Red Alert.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Red Alert Virus – Infection

Red Alert ransomware could spread its infection using many different ways. One of those ways is by spreading the payload as an executable file. After that .exe file is opened, the malicious script inside it will infect your computer system. The executable might be presented as a crack file for the games of the NFS (Need for Speed) series. The file can also be presented as ”Microsoft-Corporation.exe”. You can view the analysis of that particular executable in question that contains the payload script, from the below screenshot of the VirusTotal website:

Red Alert ransomware could be spreading its payload on social media services and sites for file-sharing. The malicious script could be hidden inside the install setup of applications, which are advertised as helpful and legitimate. Do not just open files coming from suspicious sources, links and e-mails. First, scan them with security software and check their size and signatures for anything that seems out of the ordinary. You should give a read to the tips for ransomware prevention topic in our forum.

Red Alert Virus – Details

Red Alert virus is a ransomware which is named after the name given in the ransom message it provides – Red Alert. It is a variant of the open-source ransomware project HiddenTear.

Right after Red Alert ransomware encrypts your files it will place the extension .locked as the extension on each file that is locked. The ransomware is very likely to create entries in the Windows Registry to achieve some persistence. Those registry entries could make the cryptovirus start automatically with each boot of the Windows operating system.

The following files are associated with the ransom note, instructions and the wallpaper that is put as your desktop background after file encryption:

  • MESSAGE.txt
  • nouaISJakoKASasdij.txt
  • wiASJiAjsKOQWEKnsyass.txt
  • ransom.jpg

When the process of encryption of your files is complete, an image will be placed as a wallpaper on your desktop background with the ransom instructions. You can see the ransom message from the screenshot right here below:

The ransom note reads the following:

All Your Files Has been Blocked !!!
To you unlock the files access “MESSAGE” file and follow the instructions or we will delete ALL your personal archives.

The BitCoin address that is provided for payment is 13h4GSyvr8Zno2nGrXqVtsEEn8DGw8oGXB. However, that data is for informative purposes only. You should NOT even consider of paying the criminals any amount of money. That would only result in the cyber crooks making more viruses with that money or encourage them of doing more criminal activities. Besides, know that nobody can guarantee that your files will get recovered if you pay the demanded sum of money.

The Red Alert ransomware encrypts files and appends the .locked extension to each and every one of them. The encryption algorithm which is used is believed to be AES and malware researchers state that the ransomware is a variant of the HiddenTear open-source project. A list with extensions of files which the virus searches to encrypt is not available, but you can see some of these extensions below:

→.doc, .docx, .pdf, .db, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx

The Red Alert cryptovirus is very likely set to erase all Shadow Volume Copies from the Windows operating system by utilizing the command given here:

→vssadmin.exe delete shadows /all /Quiet

Read along and find out what types and methods you can try out to restore at least parts of your files.

Remove Red Alert Virus and Restore .locked Files

If your computer got infected with the Red Alert ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by Red Alert.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share