Why ALC Ransomware Does Not Really Encrypt Files
ALC is a type of ransomware that differs from other variants because it does not encrypt files.
Instead, ALC displays a full-screen ransom note that resembles a lock screen and drops several files on the victim's desktop. The note provides instructions on how to pay the ransom, which involves sending $2000 in Monero cryptocurrency to a provided wallet and emailing alc@cock.li to confirm the payment. The ransom note threatens victims that their files are encrypted and will be permanently inaccessible if the ransom is not paid within a week. Additionally, it warns that the ransom amount will double after two days.
However, it should be noted that ALC ransomware does not actually encrypt any files, and the ransom note appears to be an attempt to scare victims into paying money. If multiple monitors are being used, only the primary monitor is affected. Additionally, ALC disables Task Manager, but this can be re-enabled by running it again. It is possible that the attackers are either attempting to deceive victims or are still developing their ransomware and may add encryption capabilities in the future.
The Fake Ransom Note and Lock Screen Used by ALC
The full text displayed in the fake lock screen displayed by the ALC ransomware goes as follows:
ALC
All your files are encrypted and inaccessible
How to decrypt my files?
Instructions
To recover your data, send amount to my wallet below and then send a
Send a message to the email: Alc@cock.li and inform that you have sent the amoun and Mention cvID, SuffID, personnelID in the same message.decrypt process
To decrypt, after sending the email to the personnel,
Your payment will be confirmed and your cvID will be sent to the key decryption sec decryption instructions will be sent to you.
Note: file decryption is not possible after a week
Note: The amount paid will be doubled after two days
Note: Decryption tools are unable to decrypt your files due to the randomness of thwallet: 46yRW1YjGQUgZi2CrrX5ENj9boHWD8VqYJbGyv1f9Q gvGuqJfUanwsfEEBuFhu4VqeaQVwqx2ctLPQbFbHjiRCja4cak53o
amount: 554XMR
cvID:-
SuffID:-
personnelid :-
Amount = 2000$The ransom amount is doubled two days later
Support email: Alc@cock.li
How Can You Get Rid of Fake Ransomware Variants Like ALC That Do Not Encrypt Files?
If you have been infected with a fake ransomware variant like ALC that does not actually encrypt files, you may be able to remove it from your system using the following steps:
- Use anti-malware software to scan your system and remove any malicious files associated with ALC. Make sure your anti-malware software is up to date and perform a full system scan to detect and remove any infections.
- If ALC has modified your system settings or disabled Task Manager, you can try to fix these issues by restarting your computer in Safe Mode. In Safe Mode, you can access the Task Manager and modify system settings without interference from the ransomware.
- If you have made a backup of your files, you can restore them from your backup after removing the ransomware. If you do not have a backup, you can try using file recovery software to restore any files that were deleted or modified by ALC.
- If you have paid the ransom, you should report the incident to law enforcement agencies and your financial institution. While it may not be possible to recover your payment, reporting the incident can help authorities track down the criminals and prevent future attacks.
Finally, take steps to prevent future ransomware infections by keeping your system and software up to date, using anti-malware software, and being cautious when opening email attachments or downloading software from the internet.
By following these steps, you can remove fake ransomware variants like ALC from your system and prevent future infections. Remember that being cautious and keeping your system up to date is key to staying protected from cyber threats.
