If you're pretty careful about what you do and don't download on your PC, it might shock you to know that in actual fact, you are almost wholly responsible for letting Alpha Crypt infect your computer. Why, you ask? It is because to enable a Trojan ransom to attack you in the first place, you must install the server component of the program. Of course, you don't do this wittingly; the ransomware has to con you into doing that. It will convince you that it is an innocent gift (or something useful) and that you really should accept it onto your PC.
Some variants of Alpha Crypt appear as pop-ups, caused by a previous infection of malware, others are packaged with files, apps or programs that are available for download on the internet, while others may be included as an attachment or link in an instant messenger chat app or an email sent to you by the programmer or disseminator of the malware. Open the attachment which is being distributed through the Angler Exploit Kit and, hey presto, you have triggered the ransomware simply by running the .exe file which will then install it. Once it is on your machine the server that the ransomware runs on will run the program each time you log on.
How much harm will Alpha Crypt do to me?
Plenty is the unfortunate answer to that. It is not nice, to say the least. It can cause serious issues that affect your hard drive and your operating system as well as your files, documents and other data. It will encrypt your files and append the .ezz extension to each of them. Since your files are encrypted and have this strange extension you can open them without a special decryption tool and decryption key. Both can be bought from cyber criminals. You just need to send then the RECOVERY_FILE.TXT file and of course pay a ransom. It's called AlphaTool Decryption Service. Don't get fooled, it's not your friendly decryption service run by geeks, it's in control of the same cyber criminals who created the Alpha Crypt ransomware. In short they can make using your computer an absolute nightmare – and that's not even taking into consideration the impact of lost data. When the encryption has finished, it will change your dekstop background to theHELP_TO_SAVE_FILES.bmp ransom note and then open the the HELP_TO_SAVE_FILES.txt ransom note. Finally it will open the Alpha Crypt encryptor program shown above. Bot the ransom note and encryptor program contain links and information on how you can pay pay the ransom to decrypt your files.
How can I ensure I don't get fooled by ransomware?
The good news is that there are things you can do to lower the risk of an attack from Alpha Crypt. Due to the way most ransom Trojans are spread, the biggest preemptive strike you can make is to never open emails if you don't know the sender. Opened one by mistake? Whatever you do, do not click on any links or open any attachments. The same goes for chat messages sent from unknown sources. You should also be wary even when you do know the sender before opening files or links as you never know if your contact has been hacked. Finally: a reputable antimalware – install one NOW if you haven't already!
What should you do if you've been infected by Alpha Crypt? Should you pay the fine?
In a word, no! There are two reasons for this: a) you're only encouraging further criminal activity and b) how do you know that you'll receive the decryption key anyway? If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer and specialized tools listed below like TeslaCrypt Decryption Tool by Cisco. Even better if you have backups or copies in the cloud. Please note that even of you decide to pay the ransom there's really no guarantee that cyber criminals will send you the private key and you will be able to decrypt your files. If you have any questions, please leave a comment down below. Good luck and be safe online!
Written by Michael Kaur, http://deletemalware.blogspot.com
Step 1: Removing Alpha Crypt and related malware:
Before restoring your files from shadow copies, make sure Alpha Crypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.
1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.
Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.
2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.
That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.
Step 2: Restoring files encrypted by Alpha Crypt virus:
Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.
Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.
Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.
Method 4: Try the TeslaDecoder Decryption Tool. Download TeslaDecoder tool and run it.
Method 5: Using the Shadow Volume Copies:
1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.
2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.
3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.
Hopefully, this will help you to restore all encrypted files or at least some of them.