Alcatraz Ransomware

Posted by Max Lehmann on November 7, 2016

What is Alcatraz Ransomware?

Alcatraz Ransomware is yet another severe threat that has just hit the web recently. This ransomware program targets one of your main directories and encrypts most of your files, including your .exe files. This could be a major loss for you and yet another proof that it pays to be cautious and to keep a backup copy of your files on a portable drive. If you had one now, you could be saved. If not, you would have to risk to pay the not so low ransom fee, which is unfortunately no guarantee for being able to decrypt your files. In fact, our malware researchers at anti-spyware-101.com do not advise you to pay the fee because you could be scammed and lose your money. But of course we cannot stop you from this. Nevertheless, we suggest that you remove Alcatraz Ransomware immediately, if you want to use your computer again. Please continue our article if you want to find out how this dangerous threat can end up on your computer and what you can do to avoid similar malicious attacks. test test

Where does Alcatraz Ransomware come from?

Just like most ransomware programs, including Cerber Ransomware and Onyx Ransomware, this malware infection also spreads via spam e-mails as a malicious attachment. You may believe that your mail server is protected by a spam filter and no harmful mails can pass through. Well, unfortunately, some can. But the trick of such a spam is that even if you notice it in your spam folder, you would consider it an important mail you need to see right away. These criminals may use totally legitimate-looking sender e-mail addresses so you could have no doubt that the mail is for real. Then you would see the subject, which usually claims that the mail is in reference to a supposed unpaid parking ticket, unsettled invoice, an issue with a hotel booking, and the list goes on. The crooks of today are quite good at making up all kinds of convincing topics for unsuspecting computer users.

The biggest problem is not even opening this spam, although there are dangerous ones that can trigger the drop of an infection the moment you click on them. The worse thing is that you are made to believe that you need to check out the attached file and you most likely will, too. However, once you save this attachment and run it on your system, you doom the fate of your files and even if you delete Alcatraz Ransomware, you will not be able to save them from encryption, which is the worst that can happen to you. Let us tell you why.

How does Alcatraz Ransomware work?

After you double-click on the downloaded file attachment, it does not copy the ransomware executable anywhere on your system, but simply uses the same file to operate from. Therefore, it is quite easy to identify it even if it has a random name. This ransomware infection uses the good old AES-256 encryption algorithm, which is a built-in Windows algorithm in fact. This is why the encryption might take a very short time. Our malware researchers have found that this infection mainly targets one directory, %USERPROFILE%, and of course all its subfolders. This malicious program encrypts even .exe files, which is quite rare. Your infected files get a new extension: ".Alcatraz." When all the vicious operations are over, a ransomware note file is created on your desktop with the name "ransomed.html."

This .html file is run then automatically, so this could be the first moment you actually realize that something is off here. This is a rather short note indeed that only states that all your data have been encrypted and that you are to send 0.5 Bitcoin, i.e., around $350, to the given Bitcoin wallet. You can also see a sort of Q&A session below that tries to convince you about the urgency and importance of transferring this money to these crooks. This is quite a lot of money but this is not even the only reason why we do not recommend paying. Unfortunately, there is a good chance that these criminals will not even bother to decrypt your files for starters. But our experience also shows that there could be technical issues as well, such as the infection losing communication with the Command and Control server, which would mean the loss of your unique decryption key as well. Let us hope that you have a backup copy on a portable medium, which would save the day today. But before you would rush to transfer the clean files back to your hard disk, we suggest that you remove Alcatraz Ransomware right away.

How can I delete Alcatraz Ransomware?

Finally, we are here with the solution. The only good news about this dangerous ransomware threat is that you can easily stop its invasion. With our help, you can delete the necessary files to make sure there are no leftovers. As for the encrypted files, you can keep them if you want because a free tool might hit the web in the coming weeks or months that could recover your files. But, if you do not mind to lose them all, you can simply bin them for good. Please follow our instructions below if you want to fight this ugly threat manually. The problem is that this may not even be the only malicious program on board; or, worse yet, this may not be the last time that such a serious threat entered your system. Therefore, we suggest that you consider using a proper malware removal program, such as SpyHunter, or any other security tool you find reliable and matching your criteria.