Ransomware Alpha

Alpha Ransomware first appeared in July 2016, since then it has been active. The group performs attacks and breaks into systems with a similar method as other ransomware, but it has something different, after breaking into the system the first thing it does is create an automatic execution called Microsoft, and with this execution even if the victim shuts down or restarts the computer the encryption process will continue.

This is because after the computer starts up, this execution is started automatically and the encryption resumes.

After encrypting the data, an extension is added to the files (.encrypt). Encryption is performed on only 249 specific file types in the Desktop, My Pictures and Cookies folders. However, on other shared drives and folders it encrypts all files.

The group has a very peculiar method of payment, initially by mid-2016, the collection amount was $400 in iTunes gift certificates, nowadays their attacks are paid in both bitcoins and Amazon vouchers.

Currently the ransom fee is around 1.5 bitcoin, but this amount varies depending on the size of the company.

The reason criminals use bitcoin and vouchers is to maintain anonymity, as these currencies are almost impossible to trace.

The ransomware leaves a file named “README HOW TO DECRYPT YOUR FILES” that gives the instructions on how to pay.

The criminals allow victims to decrypt a selected file completely free of charge to increase the chances that the victim will pay the ransom.

Recover Files Encrypted by Alpha Ransomware

Digital Recovery is capable of recovering data encrypted by Alpha Ransomware. We have a unique technology called Tracer, which through millions of calculations can recover the encrypted files without the decryption key.

We have a team fully dedicated to the client, who will be accompanied by an expert during the entire process.

We are used to recover any ransomware extension. We recover HD, SSD, Storage, RAID, Virtual Machines and even Databases.

And our process is 100% reliable, signed the confidentiality agreement (NDA) and made based on LGPD (General Law of Data Protection).

We work 24×7 in emergency mode, so that the client has its data recovered and can get back to work, and also so that there is no delay in its projects.

If you have suffered a ransomware attack, and your data is encrypted, contact Digital Recovery and get a quote.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionized digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery