CtrlAlt Ransomware
PC security researchers first observed the CtrlAlt Ransomware, an encryption ransomware Trojan, on October 16, 2018. The CtrlAlt Ransomware is typically delivered to victims via compromised email attachments in the form of PDF and DOCX files with embedded macro scripts that download and install the CtrlAlt Ransomware onto the victim's computer. The CtrlAlt Ransomware is designed to take the victim's files hostage once installed and then demand a ransom payment.
How the CtrlAlt Ransomware Attack Works
The CtrlAlt Ransomware, like most encryption ransomware Trojans, is designed to make the victim's files inaccessible through the use of a strong encryption algorithm. The CtrlAlt Ransomware targets the user-generated files, which may include numerous media files, documents, databases and several others. The following are examples of the files that threats like the CtrlAlt Ransomware targets in these attacks:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The CtrlAlt Ransomware delivers a ransom note in the form of a text file named 'READ_IT,' which contains the following message:
'You only have 96 hours to submit the payment
Danger: our contacts change every 3 days
Do not hesitate, contact us immediately
Then we will not be available
Attention: if you do not have money then you do not need to write to us!
The file is encrypted with the AES-256 algorithm
Only we can decrypt the file!
Don't delete "NO_DELETE_SEND_IT" at Desktop
If you want decrypt data, send this file to us
Our email: ctrlalt@cock.li/altdelete@cock.li'
Protecting Your Data from Threats Like the CtrlAlt Ransomware
The most important aspect of dealing with the CtrlAlt Ransomware is to refrain from paying the CtrlAlt Ransomware ransom. Paying these ransoms only allows the criminals to continue creating and delivering these threats and does not guarantee that the criminals will help the victim restore the affected files. The most effective way of ensuring that your data is safe from threats like the CtrlAlt Ransomware is to have reliable backup copies of your data stored on the cloud or an external memory device. Having file backups ensures that computer users can restore their data without having to risk paying the ransom amount or helping support these criminal activities. Apart from having file backups, malware researchers also advise computer users to use a security program to ensure that threats like the CtrlAlt Ransomware do not enter a computer and remove threats like the CtrlAlt Ransomware in the event that they manage to infect your PC (however, anti-virus software is not capable of decrypting files affected by the CtrlAlt Ransomware).
