Alilibat Ransomware
The Alilibat Ransomware is ransomware based on the Scarab Ransomware family, which was detected a while back. The Scarab Ransomware has been around for a few years now but decrypting files locked by it or a variant like the Alilibat Ransomware is still nearly impossible. The Alilibat Ransomware works in much the same way as most other ransomware and demands a ransom in return for decrypting your data. The Alilibat Ransomware is recognizable by the ".alilibat" extension it appends to the files that are encrypted by it. The threat also adds a unique identifier as an extension before ."alilibat." This would mean that a file called "xyz.abc" would become "xyz.abc.12323452.alilibat. The ransom note is usually found on the desktop and called "DECRYPT.text
Table of Contents
How Victims Should Deal with the Alilbat Ransomware
The Alilibat Ransomware attacks various file extensions including (but not limited to) DOC, PNG, MP3, PSD, TXT, PDF, XLS, XLSX and VDF. Apart from encrypting as many files as possible, the Alilibat Ransomware also is capable of disabling the System Restore and erasing the Shadow Volume Copies, both of which are essential to recovering data after a vicious attack or other problem that requires a system recovery. The Alilibat Ransomware is spread using the same techniques as most other of its kind. This includes spam email, infected downloads, torrents and embedded macros.
Sample Ransom Note
'Hello.
All your files have been encrypted due to a security problem with your PC.
For Information on decoding, please write to the e-mall AliMussafenLibat@protonmail.com
Your files are now encrypted!
Your personal identifier:
+41AAAAAAACZ1P07FZHJEQA5CARTGavIPnH-f3KICbPe2ikqWuihuzXievslvRdz8Sjrr2Ca2xTa Mke1WUWBKLF2FSrkLEgn1ZP5kV6NpFbqu2qe1HXX8AAk6vZZAZT6N03]fwjXVXM2utVdjgHRX +F8qm-wsXPYUYHEHzaoktrFYm7CylhPIV7w4ZhPG0h6tJD9y0DfWDJPEfQdnB0SZ5p3AYoIAW Lss9Ecx319+621pB-jS3vzl0ggYTix5kojN=3GAyrM6TusJ]pdQR=KLoc6aV3MaMKfEaXCgncszwl aMQU0qSGigQR5Xm36MQ9IUFZNRIDk
Now you should send us email with your personal identifier.
Contact us using this email address: AliMussafenLibat@protonmail.com
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption
The total size of files must be less than 5Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
Attention!
*Do not rename encrypted files.
*Do not try to decrypt your data using third party software, it may cause permanent data loss.
*Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
GeorjeHalique@protonmail.com'
Protecting Yourself from the Alilibat Ransomware
While there are many important steps you can take to prevent malware and ransomware from ever reaching your system, there is no guarantee that any of them will work perfectly or at all. This is why you should keep your files and documents backed up daily, or at least regularly. Any files you cannot risk losing should be backed up in a cloud storage service, or in a different place to your primary system physically. Download and install reputable third-party anti-virus software and keep it updated. This is the only way to be certain that every file that you download or run is scanned for malware or viruses. Keeping your protective software updated helps it recognize known threats and neutralize them. Never download files from an unknown source. Make sure you double-check URLs and email addresses before downloading or executing any files attached or linked to by them. Even if you recognize an email sender, never download a file that does not make sense within the context of the email. An infected system could attach files to emails without the sender ever realizing it. Never download torrents from unknown sources and never run any executable files contained in a torrent. Torrents usually never come from reputable sources and should only be used on systems with no important data on them.
What Should I Do if My System is Infected?
Several reputable companies offer tools to remove malware from your system or recover your locked files. No tool or even manual removal method can guarantee 100% of effectiveness, however. This means that once your system is infected, the only surefire way to remove the malware is to format your hard disk. You can then use a backup to restore your system to a clean state.
Some threats, like the Alilibat Ransomware, can hinder the System Restore or even delete them. This is why it's always a good idea to have your files backed up off-site. DO NOT try to reach out to the attackers. Even though they might decrypt a file or two to prove they can, there is very little chance that paying a ransom or pleading with attackers will help recover your data. More likely and common is the scenario where the attackers keep asking for more and more money until they disappear.
