
Alphabet Ransomware

By GoldSparrow in Ransomware

The Alphabet Ransomware is a Trojan that does not support encryption and uses a lock screen instead. Its behavior resembles that of the Manifestus Ransomware and the Fantom Ransomware, which employ deceptive images and lock screen features to convince users to deliver payment to a wallet address. PC security analysts classify the Alphabet Ransomware Trojan as a Screen Locker. However, some analysts report that they have seen versions of the Alphabet Ransomware that encrypt data. Computer users should keep their guard up and avoid spam emails that recommend the download of a text document.

The Alphabet Ransomware is Under Development

In-depth threat analysis shows that the Alphabet Screen Locker is under development and we may see two separate versions. Contemporary ransomware is designed to be easy to modify, and we see many variants released daily. Therefore, it is not a surprise that the Alphabet Ransomware might have one version specialized in locking screens and one that supports encryption. The active development of both strands may be aimed at hindering heuristic detection and enabling threat actors to infect more users. Consequently, more users may be willing to deliver payment. At the time of writing, the Alphabet Ransomware does not require payment in Bitcoins yet. Affected users are provided with a key by default.

How the Alphabet Ransomware Acts

Both versions of the Alphabet Ransomware employ a lock screen, and the difference lies in the use of an encryption engine. The Alphabet file coder uses a custom AES-256 cipher to encrypt the files, which is standard among crypto-threats such as the 'Merry X-Mas!' Ransomware and the EdgeLocker Ransomware. The Alphabet Ransomware can lock files hosted on local and removable drives, and Windows Explorer is unable to load thumbnails for enciphered objects like images, presentations, text, eBooks, PDFs and video. Experts note that the Alphabet Ransomware may run as a process named 'update.exe' and use the native Windows messaging service to bring up a notification saying you need to install updates to the system. The Alphabet Ransomware is known to generate an overlay that resembles the screen shown on Windows 10 when updates are being installed. Educated users know that it is not recommended to turn off their PCs as long as the 'Installing Updates' message is on. In this way, the authors of the Alphabet Ransomware use the fake updates screen to mask the activity of the Trojan. At the end of the encryption process, a red lock screen replaces the overlay and says:

'Your computer has been struck by the Alphabet Ransomware. All your documents are encrypted with the strongest encryption algorithms. There is no way to decrypt your files without purchasing a special decryption key and typing it here. If you will kill this application, the decryption key will be destroyed aswell and NO ONE will be able to decrypt your files.
Decryption code: [text box]
Decrypt.
Since it is a debug version, here is your key... :/
[the decryption key]'
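
The following is an added example, not code from the original article or from any vendor tool. Because legitimate updaters also run as 'update.exe', the process name reported above is a weak indicator by itself, so this triage combines it with install path and signature status over constructed process-creation records; the record fields, trusted roots and verdict labels are assumptions.

```python
import ntpath

SUSPECT_NAME = "update.exe"  # process name reported in the article
# Assumed trusted install roots; adjust for the environment being monitored.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed process-creation records (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "pc-01", "image": r"C:\Users\alice\Downloads\Update.exe", "signed": False},
    {"host": "pc-02", "image": r"C:\Program Files\ExampleApp\update.exe", "signed": True},
    # Path traversal that tries to look like a Windows directory; no signature data.
    {"host": "pc-03", "image": r"C:\Windows\..\Users\bob\AppData\Local\Temp\update.exe"},
    # Signed per-user updater: common for legitimate software, so only "review".
    {"host": "pc-04", "image": r"C:\Users\carol\AppData\Local\ExampleApp\Update.exe", "signed": True},
    {"host": "pc-05", "image": r"C:\Windows\System32\notepad.exe", "signed": True},
]


def triage(event):
    """Return 'ignore', 'review' or 'investigate' for one process-creation record."""
    # normpath collapses '..' segments and unifies separators before comparison.
    norm = ntpath.normpath(event.get("image", "")).lower()
    if ntpath.basename(norm) != SUSPECT_NAME:
        return "ignore"
    in_trusted = norm.startswith(TRUSTED_ROOTS)
    signed = event.get("signed") is True  # missing signature data counts as unsigned
    if signed and in_trusted:
        return "ignore"
    if signed or in_trusted:
        return "review"
    return "investigate"


def findings(events):
    """List (host, verdict) for every record that is not ignored."""
    return [(e["host"], v) for e in events if (v := triage(e)) != "ignore"]


if __name__ == "__main__":
    for host, verdict in findings(SAMPLE_EVENTS):
        print(f"{host}: {verdict}")
```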

A CMD-Like Message Generated by the Alphabet Ransomware Notifies the User of a Successful Encryption

The lock screen shown by the Alphabet Ransomware is similar to the command line utility in Windows and comes with several additional features. The Alphabet Screen Locker disables keyboard shortcuts, as well as access to the desktop, the Task Manager, the Registry Editor and CMD. Needless to say, users who do not have extensive knowledge of the Windows OS may panic and seek a way to pay the ransom as soon as possible. You may be lucky if you are compromised by the version with screen locking features only. Otherwise, the Alphabet file coder would have enciphered your data, and it would help to have backup images available. Cyber security experts recommend that users invest time and effort into learning how to back up data securely, considering that threats like the Alphabet Ransomware do not seem to decline in numbers. You might want to install a reliable anti-malware tool on Windows that can scan executables and documents from unknown sources, as well as remove the Alphabet Ransomware.
