In a previous post, we discussed the growing – and lucrative – hacking trend, ransomware. For years, the malware infected vulnerable computers and demanded large sums of money to unlock the computer system. More recent and popular forms of malware encrypt files on the system’s hard drive.
Typically, encryption is a useful tool that keeps private data unseen by users without the encryption key. However, in the case of this malware, the encryption locks a user out of their files without the key.
What is Alpha Crypt?
One example of this more common form of ransomware is the recently discovered Alpha Crypt – “a file encrypting ransomware, which will encrypt the personal documents found on a victim’s computer…” and demand ransom to restore the files. This new strain of ransomware displays a message that offers to decrypt the data if a payment is made within 96 hours. If no payment is made, the files are destroyed.
So far, Alpha Crypt has yielded $76,522 since February. From nonprofit organizations to small businesses, the criminals are seizing data files from almost any vulnerable user, regardless of whether they are able to pay the ransom.
How does Alpha Crypt infiltrate a computer?
Alpha Crypt is usually distributed when a user navigates to a malicious website, visits a website that has been hacked, or opens a spam email or attachment infected with the malware.
What makes Alpha Crypt unique compared to other ransomware?
Alpha Crypt (ZZ 78) targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. Compared to previous ransomware, Alpha Crypt uses a different method to encrypt the user’s files; it uses the AES-256 and RSA encryption methods to ensure that the affected user has to purchase the private key.
What happens when Alpha Crypt is installed?
When Alpha Crypt infects a computer, it does the following:
- Creates a randomly named, executable file in the %AppData% or %LocalAppData% folder.
- Launches the file and begins to scan all the drive letters on your computer for data files to encrypt.
- Searches for files with certain extensions to encrypt. The files it encrypts include important productivity files, such as .doc, .docx, .xls, .pdf, and others.
- Appends a new .EZZ extension to the file name.
- Creates a HELP_TO_Save_Files.txt ransom note in each folder in which a file has been encrypted, and on the Windows desktop.
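The file-system traces listed above can be checked for directly when triaging a machine or a file share. The following Python script is an added example, not code from the original post: the function names and the sample folder tree are constructed, and treating every .exe that sits directly in the two profile folders as worth reviewing is an assumption, since legitimate software occasionally installs there.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".ezz"                  # extension the post says is appended
RANSOM_NOTE = "help_to_save_files.txt"  # note name from the post, lower-cased

def sweep(root):
    """Walk root and group the post's file-system indicators by folder."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        enc = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = any(f.lower() == RANSOM_NOTE for f in files)
        if enc or note:
            findings[folder] = {"encrypted": enc, "note": note}
    return findings

def dropped_executables(profile_dirs):
    """List .exe files sitting directly in %AppData% / %LocalAppData%."""
    hits = []
    for d in profile_dirs:
        p = Path(d)
        if p.is_dir():  # skip folders that do not exist on this machine
            hits += sorted(str(f) for f in p.iterdir()
                           if f.is_file() and f.suffix.lower() == ".exe")
    return hits

def build_sample_tree(base):
    """Constructed sample data: one affected folder, one clean folder."""
    docs = Path(base, "Documents"); docs.mkdir()
    (docs / "budget.xls.EZZ").write_bytes(b"constructed")
    (docs / "HELP_TO_Save_Files.txt").write_text("constructed note")
    pics = Path(base, "Pictures"); pics.mkdir()
    (pics / "photo.jpg").write_bytes(b"constructed")
    roaming = Path(base, "AppData", "Roaming"); roaming.mkdir(parents=True)
    (roaming / "qwjkxz.exe").write_bytes(b"constructed")
    return docs, roaming

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        docs, roaming = build_sample_tree(tmp)
        for folder, hit in sweep(tmp).items():
            print(folder, len(hit["encrypted"]), "encrypted, note:", hit["note"])
        print("executables to review:", dropped_executables([roaming]))
```

On a real Windows system, pass a drive root to `sweep` and the values of the APPDATA and LOCALAPPDATA environment variables to `dropped_executables`.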
What can I do to prevent Alpha Crypt?
Avoid it. To prevent Alpha Crypt, or any other form of malware, be a knowledgeable and careful user – carefully watch and control what sites you visit, what you click on, and what files you open. Additionally, have a proactive management agent on your computer. If you are a SeedSpark managed services client, you already have an agent that handles anti-virus and malware mitigation.
If your computer is infected with Alpha Crypt, call your managed services provider or SeedSpark immediately to explore options to remove and restore it without paying a ransom fee. At SeedSpark, we want to help you protect, prevent, and secure your data from cyber criminals. If you have any questions about ransomware, malware, or viruses, please email or call us today.