Alice Ransomware Uses Ransom Note in Russian

During our investigation into new malware submissions to online threat databases, our team discovered the Alice ransomware. This particular type of malware encrypts a victim's data and demands a ransom for decryption. Upon testing a sample of the Alice ransomware on our system, we observed that it encrypted all the files and added a ".alice" extension to their names. For instance, a file named "1.jpg" would appear as "1.jpg.alice" after encryption, and the same applies to all other affected files.

After completing the encryption process, the ransomware created a text file called "How To Restore Your Files.txt", which contained the ransom message in Russian. The message claimed that the victim's computer had been blocked and threatened to destroy their data if the ransom was not paid. It also warned against attempts to delete the ransomware, stating that doing so would cause damage to the motherboard and hard drive. The attackers demanded a payment of 150 USD worth of cryptocurrency to ensure the safe return of the victim's data. After paying the ransom, the victim was instructed to inform the cybercriminals.
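The two file-system indicators described above (the appended ".alice" extension and the "How To Restore Your Files.txt" note) can be swept for during triage. The following is an added example, not code from the original article; the function names and the triage labels are assumptions of this example, and the sample tree is constructed.

```python
import os
import tempfile

# Indicators as reported in the article above.
ENCRYPTED_SUFFIX = ".alice"
RANSOM_NOTE_NAME = "how to restore your files.txt"  # compared case-insensitively


def scan_for_alice(root):
    """Walk root; return (encrypted, notes).

    encrypted maps each renamed file's path to its pre-encryption name,
    notes lists the paths of ransom-note files.
    """
    encrypted, notes = {}, []
    # onerror swallows unreadable directories so the sweep keeps going.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted[path] = name[: -len(ENCRYPTED_SUFFIX)]
    return encrypted, notes


def verdict(encrypted, notes):
    """Triage label (thresholds are an assumption of this example)."""
    if encrypted and notes:
        return "likely-alice"
    if encrypted or notes:
        return "suspicious"
    return "clean"


def demo():
    """Run the scan over a constructed sample tree; no real malware involved."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Pictures"))
        for rel in ("Pictures/1.jpg.alice", "report.docx.alice", "notes.txt",
                    "How To Restore Your Files.txt"):
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write("constructed sample")
        encrypted, notes = scan_for_alice(root)
        return sorted(encrypted.values()), len(notes), verdict(encrypted, notes)


if __name__ == "__main__":
    print(demo())
```

The recovered pre-encryption names give a list of files to restore from backup once the host has been cleaned.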

Hackers Ask for Ransom in Russian

The complete text of the Alice ransom note, translated from Russian, reads as follows:

Hello! Your computer is locked and the data will be completely destroyed. If you attempt removal or recovery, the motherboard and hard drive will burn out. To receive the unlock key, you must transfer 150$ to btc bc1qqqgylqg6yg88rhls33w6adtldtw8sac5j4jdvy ; eth 0x2171ca4e07F4AbaD32Cb701D138fE03f22B9DADF ; usdC trc20 TMaWdfcLKzCnS3YKGGnNbqi81NyfWWMeA3 Send the payment receipt to sorry_bro_zhalko@proton.me and receive the key.

How Can Ransomware Similar to Alice Infect Your System?

Ransomware, including Alice ransomware, can infect your system through various means. Some of the common methods used by attackers include:

  • Phishing emails: Attackers often use phishing emails to trick victims into clicking on a link or downloading an attachment that contains the ransomware. These emails may appear to be legitimate, but they often contain fake or malicious links.
  • Malicious downloads: Ransomware can also be downloaded to your system through malicious downloads. These downloads may come from untrusted sources or be disguised as legitimate software.
  • Exploiting vulnerabilities: Attackers may also exploit vulnerabilities in software or operating systems to infect your system with ransomware. This can occur if you have not updated your software or operating system with the latest security patches.
  • Drive-by downloads: Drive-by downloads occur when you visit a compromised website that automatically downloads malware to your system. This can happen if the website has been hacked or if the attacker has created a fake website that appears to be legitimate.

Once the ransomware infects your system, it can quickly spread and encrypt your files, making them inaccessible. The attackers then demand payment in exchange for the decryption key needed to unlock your files. It is important to regularly back up your data and implement strong security measures, such as using antivirus software and keeping your software and operating system up to date, to prevent ransomware attacks from succeeding. Additionally, being cautious when opening emails or downloading files can also help reduce the risk of ransomware infections.

February 23, 2023