How to Recover Alpha Ransomware Files
Alpha Ransomware Description and Removal Instructions:
Malware Category: Ransomware
Alpha Ransomware is the latest of the Crypto-Ransomware viruses. It targets PCs running Windows and asks for a $400 ransom in the form of an iTunes gift card. Every file that has been encrypted will have its extension changed to .encrypt. Fortunately, there is a way of decrypting the files encrypted by Alpha Ransomware.
Alpha Ransomware is distributed through third-party toolbars, free software of all kinds, files from P2P networks and torrents, clicks on ads, pop-up windows and banners, attachments downloaded from your personal e-mail inbox or from other file-sharing applications, and bogus Flash Player installers or fake video software for viewing online content.
When running, Alpha Ransomware starts encrypting certain types of files stored on local or mounted network drives using AES-256 bit public-key cryptography, with the private key stored only on a control server. The ransomware will encrypt files on the main drive with the following extensions:
.3ds, .3fr, .3pr, .ab4, .ac2, .accdb, .accde, .accdr, .accdt, .acr, .adb, .agd1, .ai, .ait, .al, .apj, .arw, .asm, .asp, .aspx, .awg, .backup, .backupdb, .bak, .bat, .bdb, .bgt, .bik, .bkp, .blend, .bmp, .bpw, .c, .c, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfp, .cgm, .cib, .class, .cls, .cmd, .cmt, .cpi, .cpp, .cr2, .craw, .crt, .crw, .cs, .csh, .csl, .css, .csv, .dac, .db, .db3, .dbf, .db-journal, .dc2, .dcr, .dcs, .ddd, .ddoc, .ddrw, .der, .design, .dgc, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dwg, .dxb, .erbsql, .erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fpx, .fxg, .gif, .gray, .grey, .gry, .h, .h, .hbk, .hpp, .html, .ibank, .ibd, .ibz, .idx, .iiq, .incpas, .jar, .java, .jpeg, .jpg, .js, .kc2, .kdbx, .kdc, .kpdx, .lua, .mdb, .mdc, .mef, .mfw, .mmw, .moneywell, .mos, .mpg, .mrw, .myd, .ndd, .nef, .nop, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nwb, .nx1, .nx2, .nyf, .odb, .odf, .odg, .odm, .odp, .ods, .odt, .orf, .otg, .oth, .otp, .ots, .ott, .p12, .p7b, .p7c, .pat, .pcd, .pdf, .pef, .pem, .pfx, .php, .pl, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps, .psafe3, .psd, .ptx, .py, .ra2, .raf, .raw, .rdb, .rtf, .rw2, .rwl, .rwz, .s3db, .sas7bdat, .sav, .sd0, .sd1, .sda, .sdf, .sldm, .sldx, .sln, .sql, .sqlite, .sqlite3, .sqlitedb, .sr2, .srf, .srw, .st4, .st5, .st6, .st7, .st8, .stc, .std, .sti, .stw, .stx, .svg, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .txt, .vb, .vbs, .wb2, .x3f, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .ycbcra
Alpha Ransomware will create a file named Read Me (How Decrypt) !!!!.txt and put a shortcut to it in every folder where a file was encrypted. It will also change your desktop wallpaper. Those files contain instructions explaining how to pay the ransom. Alpha Ransomware also creates the following file: %APPDATA%\Windows\svchost.exe. To collect the ransom, the virus asks victims to send the gift card to a specific e-mail address: firstname.lastname@example.org; email@example.com; firstname.lastname@example.org; email@example.com; firstname.lastname@example.org.
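The artifacts described above (the .encrypt extension, the ransom note and the executable dropped under %APPDATA%) can be inventoried before any recovery attempt. The script below is an added example, not part of the original article or of any tool it mentions; it only reads the file system, and matching the note's shortcut by file-name prefix is an assumption, since the article does not give the shortcut's name.

```python
import os
from collections import Counter
from pathlib import Path

# Indicators as given in the article text.
ENCRYPTED_EXT = ".encrypt"
NOTE_PREFIX = "read me (how decrypt)"   # the .txt note; prefix match for the
                                        # shortcut is an assumption
DROPPED_EXE = Path("Windows") / "svchost.exe"   # relative to %APPDATA%


def triage(root, appdata=None):
    """Read-only inventory of Alpha Ransomware artifacts under `root`."""
    encrypted = Counter()   # folder -> number of *.encrypt files
    note_folders = set()    # folders holding the ransom note or its shortcut
    earliest = None         # oldest mtime among encrypted files (epoch seconds)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_EXT):
                encrypted[folder] += 1
                try:
                    mtime = os.path.getmtime(os.path.join(folder, name))
                except OSError:
                    continue        # unreadable entry: counted, not timed
                earliest = mtime if earliest is None else min(earliest, mtime)
            elif lowered.startswith(NOTE_PREFIX):
                note_folders.add(folder)
    appdata = appdata or os.environ.get("APPDATA")
    dropper = Path(appdata) / DROPPED_EXE if appdata else None
    return {
        "total_encrypted": sum(encrypted.values()),
        "encrypted_by_folder": dict(encrypted),
        "note_folders": sorted(note_folders),
        "earliest_encrypted_mtime": earliest,
        "dropper_path": str(dropper) if dropper else None,
        "dropper_present": bool(dropper and dropper.is_file()),
    }


if __name__ == "__main__":
    import sys
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, value in report.items():
        print(f"{key}: {value}")
```

The oldest modification time among the encrypted files gives a rough lower bound for when encryption started, which helps when choosing a backup or shadow copy date. The genuine Windows svchost.exe lives under the System32 directory, so a copy under %APPDATA%\Windows is worth flagging on its own.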
Alpha Ransomware will not just encrypt files and block your computer; it will also collect valuable information that will be sent to the control servers. Such software could lead to more malware coming into your computer and even cause a loss of data. Such threats are not to be underestimated!
If you are infected, we at SpywareTechs.com recommend that you download SpyHunter Malware Security Suite in order to remove the infection automatically:
Once you get rid of Alpha Ransomware (see how to remove Alpha Ransomware in our article), you can try to recover your files using the methods below:
How to Recover Files Encrypted by Alpha Ransomware:
You can try to recover your files from a system backup. If there is no backup available, you can try to restore the files using the Shadow Copy Service. Windows XP Service Pack 2 and later versions have an integrated feature called Shadow Copy Service which will automatically create backup copies of your files. This method is not bullet-proof, as Alpha Ransomware may delete the shadow copies.
1. How to Restore Files Using the Shadow Copy Service:
Method 1. Using the Windows Previous Versions tab:
*The Windows System Protection service must have been enabled before the infection, otherwise this method will not work.
- Right-click on the encrypted file and select Properties from the menu.
- Click on the “Previous Versions” tab (if it is missing, Windows System Protection has not been enabled).
- Choose a previous version copy and click on the Copy button. Select a directory you wish to recover the file to, or try to restore the selected file directly by clicking the Restore button.
The same method can be used to recover an entire folder. Just right-click on the highlighted folder, select Properties, and then open the Previous Versions tab.
Method 2. Using Shadow Explorer:
Shadow Explorer can be used to restore whole folders. You can download the program from the link below:
Download and run the program. A list of available drives will show up on the left side. Beside it, you will see the dates on which shadow copies were created. Select the drive and the date to restore to.
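Both methods above only help if a shadow copy taken before the infection still exists. The following added example (not from the original article) parses the output of the built-in vssadmin list shadows command and returns the shadow copies of a drive that predate a given infection time. It assumes English-locale output with US-style timestamps, and the sample text and IDs are constructed.

```python
import re
from datetime import datetime

# Assumption: English-locale output with US-style timestamps.
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"
SET_RE = re.compile(r"creation time:\s*(.+?)\s*$")
ID_RE = re.compile(r"Shadow Copy ID:\s*(\{[0-9A-Fa-f-]+\})")
VOL_RE = re.compile(r"Original Volume:\s*\((\w:)\)")
DEV_RE = re.compile(r"Shadow Copy Volume:\s*(\S+)")

# Constructed sample in the shape of `vssadmin list shadows` output.
SAMPLE = r"""
Contents of shadow copy set ID: {11111111-1111-1111-1111-111111111111}
   Contained 1 shadow copies at creation time: 6/1/2016 9:00:00 AM
      Shadow Copy ID: {aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa}
         Original Volume: (C:)\\?\Volume{22222222-2222-2222-2222-222222222222}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
Contents of shadow copy set ID: {33333333-3333-3333-3333-333333333333}
   Contained 1 shadow copies at creation time: 7/15/2016 11:30:00 PM
      Shadow Copy ID: {bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb}
         Original Volume: (C:)\\?\Volume{22222222-2222-2222-2222-222222222222}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
"""


def parse_shadows(text):
    """Turn `vssadmin list shadows` output into a list of dicts."""
    shadows, created = [], None
    for line in text.splitlines():
        if m := SET_RE.search(line):
            created = datetime.strptime(m.group(1), TIME_FORMAT)
        elif m := ID_RE.search(line):
            shadows.append({"id": m.group(1), "created": created})
        elif shadows and (m := VOL_RE.search(line)):
            shadows[-1]["volume"] = m.group(1)
        elif shadows and (m := DEV_RE.search(line)):
            shadows[-1]["device"] = m.group(1)
    return shadows


def usable_shadows(text, drive, infected_at):
    """Shadow copies of `drive` created before `infected_at`, newest first."""
    hits = [s for s in parse_shadows(text)
            if s.get("volume", "").upper() == drive.upper()
            and s["created"] and s["created"] < infected_at]
    return sorted(hits, key=lambda s: s["created"], reverse=True)

# Live input (elevated prompt on Windows): capture the output of
# `vssadmin list shadows` and pass it as `text`.
```

An empty result means there is no pre-infection shadow copy for that drive, so neither the Previous Versions tab nor Shadow Explorer will have anything useful to offer there.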
2. How to Recover Files Encrypted by Alpha Ransomware using AlphaDecrypter:
Michael Gillespie was able to crack the Alpha Ransomware and develop a decryptor tool called AlphaDecrypter.
1. Download AlphaDecrypter from the following link, save it on your desktop and then extract the archive. The archive is password-protected. The password is: false-positive
2. When you start the decrypter tool, select the drive that you want to decrypt by clicking on “Select Directory”.
3. After that click on “Decrypt My Files” and AlphaDecrypter will start scanning for all files with the .encrypt extension and will try to decrypt them.
Nevertheless, if you want to be protected from Alpha Ransomware, get SpyHunter!