Webroot Discovers Fresh AlphaCrypt Ransomware

Webroot the security company says its security researchers have spotted one fresh ransomware known as AlphaCrypt in the wild. The malware resembles TeslaCrypt in appearance, however, works like Cryptowall 3.0.

Also it has been found that both AlphaCrypt and TeslaCrypt encrypt files upon setting infection on Windows computers with operating systems Windows Vista, Windows XP, Windows 8 or Windows 7. While it was in February end 2015 that TeslaCrypt made its debut, in April end 2015, it was AlphaCrypt's turn.

Similar to TeslaCrypt, the online site of AlphaCrypt offers a single file's decryption free of cost along with one support page to interact with the ransomware's owners.

Notably, AlphaCrypt has certain improvements over the look-alike TeslaCrypt such as erasing VSS for ensuring the victim isn't saved via the means of his shadow volume. There is also an assurance that the process is run silently, implying the victim will be shown no messages.

The infections by AlphaCrypt or TeslaCrypt leads to a computer scan of the victim's data-files followed with encryption of all those files utilizing AES encryption to lock the files firmly and never to be easily opened. This is followed with a list of instructions in an application regarding the way the locked files can be retrieved. The instructions include one web-link taking onto one Decryption Service page that tells the ransom sum, total files encrypted, as well as directions for the payment process. At nearly USD500, the first price of ransom begins that should be paid through Bitcoins. And there is a distinct bitcoin address for every victim to submit his payment to.

There are other characteristics as well of AlphaCrypt variant, according to security researchers at Webroot viz., it has an extremely high volatility as it creates more and more windows processes commonly used with an intense likeness of the way Cryptowall 3.0 runs. Help Net Security reported this dated May 5, 2015.

Security Researcher Brad Duncan with Rackspace a cloud computing firm too examined the malicious program to find that its present delivery is through the Angler attack toolkit. Help Net Security reported this, May 5, 2015.

» SPAMfighter News - 5/13/2015