
AlphaBetaCrypt Ransomware

Posted: January 27, 2020

The AlphaBetaCrypt Ransomware is a file-locking Trojan that encrypts the media files on your computer so that they will not open. Its attacks also change the extensions of filenames and display ransom messages that borrow most of their text from the separate Scarab Ransomware family. Users should always keep a safely stored backup for recovering any valuable work, and should let anti-malware solutions intercept installation attempts or remove the AlphaBetaCrypt Ransomware.

Just the ABCs of Ransoming Files for Bitcoins

Attacks by a file-locker Trojan that is not part of the usual families have been ongoing since the last month of 2019 and into the following year. The AlphaBetaCrypt Ransomware's unusual quirks include an exceptional means of encryption, which otherwise accompanies mostly vanilla symptoms and features. The Trojan is relevant to most Windows users, as it bases its extortion on sabotaging standard formats like Excel spreadsheets, JPG pictures and PDF documents.

Like a majority of file-locking Trojans, including the Scarab Ransomware (whose Ransomware-as-a-Service this Trojan somewhat resembles), the AlphaBetaCrypt Ransomware blocks the user's media by encrypting the file data. It does so, however, with three algorithms (AES, RSA and Salsa20) rather than the usual one or two. Unfortunately, malware experts can confirm that this routine is secure against casual decryption or 'unlocking' via a third-party service.

The AlphaBetaCrypt Ransomware also changes the extensions on these files to 'CRYPT' in all uppercase, like the far older Gomasom Ransomware. Its identity is further confused by the note it generates, which is the Scarab Ransomware's note with different ID formatting and e-mail addresses. Although the threat actor bases his campaign on Bitcoin payments, no prices or associated Web infrastructure, such as a TOR website, are apparent as of this article's date of writing. Nevertheless, users without backups have no other clear solutions for recovering their blocked media.
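
The uppercase 'CRYPT' extension described above gives responders something concrete to search for when deciding which folders to restore from backup. The Python script below is an added example, not code from this article or from any vendor tool: it lists files carrying that extension and uses byte entropy to separate likely ciphertext from harmless look-alikes. The 64 KiB sample size, the 7.5 bits-per-byte threshold and the file names in the constructed sample are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

MARKER_EXT = ".CRYPT"      # extension named in the article; matched case-sensitively
SAMPLE_BYTES = 65536       # assumption: the first 64 KiB is enough to judge a file
ENTROPY_THRESHOLD = 7.5    # assumption: bits/byte cut-off for "looks encrypted"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, lower for plain data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan(root: str) -> dict:
    """Walk root and sort every *.CRYPT file into 'encrypted' or 'review'."""
    report = {"encrypted": [], "review": []}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if not name.endswith(MARKER_EXT):   # 'x.crypt' is deliberately ignored
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    sample = handle.read(SAMPLE_BYTES)
            except OSError:
                report["review"].append(path)   # unreadable: leave for a human
                continue
            hit = shannon_entropy(sample) >= ENTROPY_THRESHOLD
            report["encrypted" if hit else "review"].append(path)
    return report


def build_constructed_sample(root: str) -> None:
    """Constructed test data: one random-looking file, one plain-text look-alike."""
    with open(os.path.join(root, "budget.CRYPT"), "wb") as f:
        f.write(os.urandom(8192))               # stands in for encrypted content
    with open(os.path.join(root, "notes.CRYPT"), "wb") as f:
        f.write(b"plain text, not ciphertext\n" * 300)
    with open(os.path.join(root, "photo.jpg"), "wb") as f:
        f.write(b"\xff\xd8\xff\xe0" + b"\x00" * 100)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for bucket, paths in scan(tmp).items():
            print(bucket, [os.path.basename(p) for p in paths])
```

Compressed formats also score high on entropy, so the extension match is the primary signal and the entropy check only filters out obvious false positives.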

Outsmarting an Alpha Predator of Digital Possessions

The AlphaBetaCrypt Ransomware is a Windows-based program and is being mistaken for a variant of the Razy Ransomware or the Crypren Ransomware by various security solutions and researchers. While the case of mistaken identity may lead users to an incompatible decryptor that will not recover their files, it doesn't prevent security services from flagging and quarantining the threat or blocking an installation exploit. Exploits related to file-locker Trojans often include social engineering tactics, such as fake e-mail attachments, torrents or software update pop-ups.

Besides avoiding dangers like downloading files recklessly, users also can protect themselves by turning off their browser's JavaScript and Flash. Installing security patches will further harden a system's defenses against automated intrusion attempts by Black Hat utilities. Lastly, a strong password will block brute-force attacks that are common against less well-protected servers and networks.

A backup is, however, a critical component of recovery from infection. Anti-malware software of all brands, while generally adept at removing the AlphaBetaCrypt Ransomware and threats like it, will not unlock any files or facilitate data recovery directly.

The AlphaBetaCrypt Ransomware's campaign is rotating through e-mail addresses over the months of its operations. While such behavior is, possibly, coincidental, it also might be an omen of a new family in the making – meaning that all users have one more, long-term opponent setting itself against their files.
