Cyber security analysts have discovered a new type of ransomware. This rogue program is called AlphaCrypt. It is similar to Cryptolocker 3.0 and in fact uses the same methods. Experts indicate that AlphaCrypt has the same look and feel as TeslaCrypt. However, AlphaCrypt is more advanced, simply because it truncates the Volume Snapshot Service. This leaves the vulnerable computer without an unencrypted backup copy of the user's personal files on the domain itself. Thus, victims of AlphaCrypt are forced to pay the ransom the program demands via bitcoin. When the victim pays the ransom, the payment goes through TOR. TOR is a program that allows users to use the internet anonymously by transmitting the user's encrypted data through various servers. Once the encrypted data reaches the endpoint of the TOR circuit, the data is transmitted back to the user in his or her browser. This provides the user with full anonymity. Thus, hackers take advantage of the TOR functionality. Once the bitcoin transaction has been made, the developers will use complex algorithms to launder their “blood money”, which makes the transaction completely untraceable.
How AlphaCrypt Spreads
Cyber security analysts were able to determine that the popular exploit kit being used to spread this variant is the Angler Exploit Kit. The Angler Exploit Kit attempts to utilize the latest zero-day vulnerabilities, such as the Adobe Flash zero-day. Once the vulnerability has been exploited, the malicious program of choice, namely AlphaCrypt, is able to drop malware into the vulnerable computer’s memory.
How to Prevent AlphaCrypt
In order to prevent AlphaCrypt, it is recommended to run a good heuristic and real-time anti-virus. A good anti-virus should be able to stop the AlphaCrypt variant from encrypting a vulnerable computer’s data. Lastly, stay away from phishing sites and use a good, up-to-date browser that helps identify phishing sites.
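As an added example (not part of the original article), here is one heuristic of the kind recommended above: flag process-creation events whose command line removes volume snapshots, and score them higher when the parent process runs from a user-writable folder. The article does not say how AlphaCrypt removes snapshots, so the two Windows utilities matched here, the field names and the sample events are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumed snapshot-removal patterns; the article names no specific command.
RULES = [
    ("vssadmin delete shadows", "vssadmin.exe", re.compile(r"\bdelete\s+shadows\b")),
    ("wmic shadowcopy delete", "wmic.exe", re.compile(r"\bshadowcopy\b.*\bdelete\b")),
]
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)

# Constructed process-creation events (hypothetical field names), not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet",
     "parent": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"host": "ws-01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-02", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic  "shadowcopy"   delete',
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-03", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt",
     "parent": r"C:\Windows\explorer.exe"},
]

def normalise(cmdline):
    """Lower-case, drop quotes and cmd.exe caret escapes, collapse whitespace."""
    return re.sub(r"\s+", " ", re.sub(r'["^]', "", cmdline)).strip().lower()

def score_event(event):
    """Return (score, rule_name) for one event; score 0 means no match."""
    image = basename(event["image"]).lower()
    cmd = normalise(event["cmdline"])
    for name, exe, pattern in RULES:
        if image == exe and pattern.search(cmd):
            # A parent running from a user-writable folder raises the score.
            risky_parent = USER_WRITABLE.search(event.get("parent", ""))
            return (2 if risky_parent else 1), name
    return 0, None

def detect(events):
    """Return alerts for matching events, highest score first."""
    scored = [(ev, *score_event(ev)) for ev in events]
    alerts = [{"host": ev["host"], "rule": rule, "score": score}
              for ev, score, rule in scored if score]
    return sorted(alerts, key=lambda a: -a["score"])

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Administrators sometimes remove snapshots on purpose, so a score of 1 is a prompt to review rather than proof of infection.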