Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Alfa Ransomware Help Topic - .bin extension README HOW TO DECRYPT YOUR FILES.HTM


  • Please log in to reply
4 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,268 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:42 PM

Posted 06 July 2016 - 06:07 AM

A new ransomware has been discovered by BloodDolly called Alfa Ransomware. This ransomware also sometimes refers to itself as Alpha Ransomware. When encrypting your files it will append the .bin extension to them. It also creates ransom notes calld README HOW TO DECRYPT YOUR FILES.HTML and README HOW TO DECRYPT YOUR FILES.TXT.

The top part of the Alfa Ransomware Decryptor page can be be seen below:

alfa-decryptor-page-head.png



BC AdBot (Login to Remove)

 


m

#2 Amigo-A

Amigo-A

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:42 AM

Posted 06 July 2016 - 06:53 AM

This is also theirs?

http://pastebin.com/d9rrHucF 

 

Alfa Ransomware Decryptor for Alpha Ransomware, another, not the one that was known previously.

 

Among extortionists it seems obsolete names and ended fantasy. :)


Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#3 Amigo-A

Amigo-A

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:42 AM

Posted 06 July 2016 - 03:04 PM

The file name is changed to 10 random characters: [10_random_chars].bin

Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#4 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:12:42 AM

Posted 08 July 2016 - 12:50 PM

 

The file name is changed to 10 random characters: [10_random_chars].bin

 

Are you sure? All samples I have didn't change the whole name.



#5 Amigo-A

Amigo-A

  • Members
  • 220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:42 AM

Posted 09 July 2016 - 03:48 AM

BloodDolly

I posted in PM.


Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users