Alpha Ransomware first appeared in July 2016 and has been active since then. The group attacks and invades systems with methods similar to other ransomware, with one difference: after invading the system, the first thing it does is create an automatic execution (autorun) entry called Microsoft. With this entry in place, the encryption process continues even if the victim turns off or restarts the computer.
That’s because the entry is started automatically when the computer boots and resumes the encryption.
After the data is encrypted, the extension .encrypt is added to the files. Only 249 specific file types are encrypted in the Desktop, My Pictures and Cookies folders. On other shared drives and folders, however, all files are encrypted.
The group has a very peculiar method of payment. Initially, by mid-2016, the amount demanded was $400 in iTunes gift vouchers; nowadays their attacks are paid in both bitcoins and Amazon vouchers.
Currently the ransom fee is around 1.5 bitcoin, but that amount varies depending on the size of the company.
The reason criminals use bitcoin and vouchers is to maintain anonymity, as these currencies are almost impossible to trace.
The ransomware leaves a file named “README HOW TO DECRYPT YOUR FILES” which gives the instructions on how to pay.
Criminals allow victims to decrypt a selected file completely free of charge to increase the chances that the victim will pay the ransom.
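The file-system indicators described above (the .encrypt extension and the "README HOW TO DECRYPT YOUR FILES" note) can be used to scope an incident. The following triage script is an added example, not code from Digital Recovery; the function name `triage`, the case-insensitive prefix match on the note name, and the use of file modification times to bound the encryption run are assumptions.

```python
import os
from collections import Counter

ENCRYPTED_EXT = ".encrypt"                        # extension named on this page
NOTE_PREFIX = "readme how to decrypt your files"  # ransom-note name from this page


def triage(root):
    """Walk `root` and summarise Alpha indicators for incident scoping."""
    per_dir = Counter()   # directory -> number of *.encrypt files
    notes = []            # full paths of ransom notes
    first = last = None   # modification-time bounds of encrypted files
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            # Assumption: the note may carry any suffix (.txt, .html, ...),
            # so match on the name prefix rather than the full file name.
            if lower.startswith(NOTE_PREFIX):
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable file: counted, but no timestamp
                first = mtime if first is None else min(first, mtime)
                last = mtime if last is None else max(last, mtime)
    return {
        "encrypted_total": sum(per_dir.values()),
        "encrypted_by_dir": dict(per_dir),
        "ransom_notes": sorted(notes),
        "window": (first, last),  # rough start/end of the encryption run
    }


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(triage(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it against a mounted image or a read-only copy of each affected drive or share; the per-directory counts show which locations were hit, and the time window helps decide which backups predate the encryption.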
Digital Recovery is able to recover data encrypted by Alpha Ransomware. We have a unique technology called Tracer, which through millions of calculations can recover the encrypted files without the decryption key.
We have a fully dedicated team for the client, who will be accompanied by an expert during the entire process.
We are used to recovering any ransomware extension. We recover HD, SSD, Storage, RAID, Virtual Machines and even Databases.
Our process is 100% reliable, covered by a signed confidentiality agreement (NDA) and based on the General Data Protection Regulation (GDPR).
We work 24×7 in emergency mode, so that the client has their data recovered and can return to work, and so that there is no delay in their projects.
If you have suffered a ransomware attack, and your data is encrypted, contact Digital Recovery and get a quote.