One example of the Alfa variant.

Alfa, a new variant from the creators of Cerber, targets the Windows OS; its method of distribution is currently unknown. Once executed, Alfa encrypts specific files and appends the .bin extension to them. It maintains persistence by creating an autorun file (MSEstl) that launches the executable (msestl32.exe) every time the victim logs into Windows, and it deletes Shadow Volume Copies to prevent file restoration. Alfa demands a ransom payment of 1 Bitcoin and threatens to increase the price by 20 percent for every three days that the ransom is not paid.

  • Bleeping Computer provides more information about Alfa here.
  • The NJCCIC is not aware of any decryption tools available for Alfa.
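
The behaviours in the profile above (the MSEstl autorun, msestl32.exe, shadow copy deletion, the .bin extension) can be turned into a simple triage pass over endpoint telemetry. This is an added example, not NJCCIC or vendor code; the event schema, host names, paths, the burst threshold and the shadow-copy command patterns are assumptions.

```python
import re
from collections import Counter

# Indicators named in the profile above.
AUTORUN_NAME, PAYLOAD_NAME, ENCRYPTED_EXT = "msestl", "msestl32.exe", ".bin"
# Assumption: the page does not say how the shadow copies are deleted; these
# are built-in Windows utilities commonly used for it.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
BIN_BURST = 3  # constructed threshold: .bin writes by one process on one host


def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()


def triage(events):
    """Return sorted (host, finding) pairs for the behaviours described."""
    findings, bin_writes = set(), Counter()
    for e in events:
        host, kind = e["host"], e["type"]
        if kind == "process":
            if basename(e["image"]) == PAYLOAD_NAME:
                findings.add((host, "payload_executed"))
            if SHADOW_DELETE.search(e["cmdline"]):
                findings.add((host, "shadow_copy_deletion"))
        elif kind == "autorun":
            # Autorun entry named MSEstl, or any entry launching the payload.
            if (basename(e["name"]).split(".")[0] == AUTORUN_NAME
                    or basename(e["target"]) == PAYLOAD_NAME):
                findings.add((host, "autorun_persistence"))
        elif kind == "file" and e["path"].lower().endswith(ENCRYPTED_EXT):
            bin_writes[(host, basename(e["image"]))] += 1
    # A single .bin file is normal; a burst from one process is not.
    findings.update((h, "bin_extension_burst")
                    for (h, _), n in bin_writes.items() if n >= BIN_BURST)
    return sorted(findings)


# Constructed sample events (hypothetical schema and paths, not real telemetry).
SAMPLE = [
    {"host": "ws01", "type": "autorun", "name": "MSEstl", "target": r"C:\Users\demo\msestl32.exe"},
    {"host": "ws01", "type": "process", "image": r"C:\Users\demo\msestl32.exe", "cmdline": "msestl32.exe"},
    {"host": "ws01", "type": "process", "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "ws02", "type": "process", "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin list shadows"},
    {"host": "ws02", "type": "file", "image": "setup.exe", "path": r"C:\Temp\firmware.bin"},
] + [{"host": "ws01", "type": "file", "image": "msestl32.exe", "path": rf"C:\Users\demo\doc{i}.docx.bin"} for i in range(3)]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because .bin is a common legitimate extension, the extension alone is only counted as a finding when one process writes several such files; the autorun name and executable name are the stronger indicators.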