AL8G Ransomware

By GoldSparrow in Ransomware

AL8G Ransomware is the name of a ransomware threat that malware analysts identified at the end of July 2020. This newly spotted data-locker appears to be a variant of the Matrix Ransomware.

Propagation and Encryption

The exact propagation method used to spread the AL8G Ransomware has not been confirmed. However, malware analysts speculate that the creators of this threat may rely on popular distribution techniques such as corrupted online advertisements, fake social media posts, bogus pirated copies of popular applications, fraudulent software updates and downloads, phishing emails that contain macro-laced attachments, etc.

Once the AL8G Ransomware breaches your system, it will perform a scan to locate your files. This Trojan is programmed to target a variety of file types, including .doc, .docx, .pdf, .txt, .xlsx, .xls, .pptx, .ppt, .svg, .png, .gif, .jpeg, .jpg, .webm, .mov, .mp4, .wav, .mp3, .midi, .mid, .aac, .db, .zip, .rar, and many others. This means that once the AL8G Ransomware completes the encryption process, most of your files will be inaccessible. The files encrypted by the AL8G Ransomware will receive an additional extension: '[AlanRed@criptext.com].<RANDOM STRING>-<RANDOM STRING>. AL8G.' This means that if you had originally named a file 'training-mat.jpeg', this data-locker would rename it to 'training-mat.jpeg[AlanRed@criptext.com].<RANDOM STRING>-<RANDOM STRING>. AL8G.'

The Ransom Note

When all the targeted data has been encrypted successfully, the AL8G Ransomware will proceed with the attack by placing a file on the victim's desktop. The file's name is 'Readme_AL8G.rtf.' This file contains the ransom message of the attackers. In the ransom demand, the authors of the AL8G Ransomware provide three email addresses as a means of communication: 'AlanRed@criptext.com,' 'AlanRed88@protionmail.com' and 'AlanRed@tutanota.com.' To affirm to the victim that they are in possession of a working decryption key, the attackers offer to decrypt up to three locked files, provided that they are not too large.
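The renaming pattern and the ransom note name described above can be turned into a triage check over a file listing. This Python code is an added example, not part of the original article; it assumes each <RANDOM STRING> is a run of letters and digits (the article does not specify this), and the `triage` helper and the sample paths are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the article above.
CONTACT = "AlanRed@criptext.com"
NOTE_NAME = "Readme_AL8G.rtf"

# Assumption: each <RANDOM STRING> is letters/digits; the article gives no
# alphabet or length. \s* tolerates the space the article prints before "AL8G".
RENAMED = re.compile(
    r"^(?P<original>.+)\[" + re.escape(CONTACT) + r"\]\."
    r"(?P<id1>[A-Za-z0-9]+)-(?P<id2>[A-Za-z0-9]+)\.\s*AL8G$",
    re.IGNORECASE,
)

def triage(paths):
    """Split a file listing into renamed files (with the recovered original
    name), ransom notes, and the set of directories holding renamed files."""
    report = {"encrypted": [], "notes": [], "dirs": set()}
    for raw in paths:
        p = PureWindowsPath(raw)
        m = RENAMED.match(p.name)
        if m:
            report["encrypted"].append((raw, m.group("original")))
            report["dirs"].add(str(p.parent))
        elif p.name.lower() == NOTE_NAME.lower():
            report["notes"].append(raw)
    return report

# Constructed sample listing (not real telemetry); random strings are made up.
SAMPLE = [
    r"C:\Users\ann\Pictures\training-mat.jpeg[AlanRed@criptext.com].aB3dE9xQ-Zk81LmPq.AL8G",
    r"C:\Users\ann\Documents\budget.xlsx[AlanRed@criptext.com].Qw12Er34-Ty56Ui78. AL8G",
    r"C:\Users\ann\Desktop\Readme_AL8G.rtf",
    r"C:\Users\ann\Documents\notes.txt",
    r"C:\Users\ann\Documents\AL8G-meeting.docx",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, original in result["encrypted"]:
        print(f"renamed: {path} (was {original})")
    for note in result["notes"]:
        print(f"ransom note: {note}")
    print("affected directories:", sorted(result["dirs"]))
```

The list of affected directories shows which locations to check against backups, and the recovered original names show which files need to be restored.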

There is no good reason to trust the word of cybercriminals. They rarely deliver on their promises, so it is not a good idea to pay the ransom fee they will demand. Instead, download and install a reputable, up-to-date anti-spyware solution that will safely remove this Trojan from your PC.
