Alpha targets Windows, and its method of distribution is currently unknown. Once installed, it places its main executable file in %APPDATA%\Windows\svchost.exe and creates an autorun file named “Microsoft”, which allows the encryption process to continue through system reboots. Alpha encrypts files using AES-256 and creates a ransom note named “Read Me (How Decrypt) !!!!.txt”. Alpha is selective about which files it encrypts, targeting files located on the Desktop, within the My Pictures folder, and the Cookies folder on the C: drive. On non-system drives, Alpha encrypts everything except .ini files. Within shared folders, however, it encrypts everything. Encrypted files display .encrypt as their extension. Alpha demands a ransom payment of $400 USD in iTunes gift cards.
- Bleeping Computer provides more information about Alpha here and here.
- A decryption tool for Alpha is available from Bleeping Computer here.
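
The file-system indicators in the profile above (executable path, ransom note name, `.encrypt` extension) can be checked against a file inventory exported from a host. The following is an added example, not code from Bleeping Computer or any tool named on this page; the function names, the expansion of %APPDATA%, the default `C:\Windows` system root, and the sample paths are assumptions, and the check for `svchost.exe` outside the Windows directory is a heuristic that goes beyond the profile.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

RANSOM_NOTE = "read me (how decrypt) !!!!.txt"   # note name from the profile
ENCRYPTED_EXT = ".encrypt"                        # extension from the profile
# Assumption: %APPDATA% expands to one of these per-user directories
# (Vista and later, then XP), so the drop directory ends with one of:
DROP_DIR_SUFFIXES = ("\\appdata\\roaming\\windows",
                     "\\application data\\windows")
SYSTEM_ROOT = "c:\\windows\\"                     # assumption: default %SystemRoot%


def classify(path):
    """Return the set of indicator names that one Windows path matches."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    hits = set()
    if name == "svchost.exe":
        if parent.endswith(DROP_DIR_SUFFIXES):
            hits.add("alpha_executable_path")
        elif not (parent + "\\").startswith(SYSTEM_ROOT):
            # Heuristic beyond the profile: svchost.exe outside the Windows tree
            hits.add("svchost_outside_windows_dir")
    if name == RANSOM_NOTE:
        hits.add("ransom_note")
    if p.suffix.lower() == ENCRYPTED_EXT:
        hits.add("encrypted_file")
    return hits


def triage(paths):
    """Group matching paths by indicator; list directories holding encrypted files."""
    report = defaultdict(list)
    for path in paths:
        for hit in classify(path):
            report[hit].append(path)
    enc = report.get("encrypted_file", [])
    return dict(report), sorted({str(PureWindowsPath(p).parent) for p in enc})


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host
    sample = [r"C:\Windows\System32\svchost.exe",
              r"C:\Users\bob\AppData\Roaming\Windows\svchost.exe",
              r"C:\Users\bob\Desktop\budget.xlsx.encrypt",
              r"C:\Users\bob\Desktop\Read Me (How Decrypt) !!!!.txt"]
    print(triage(sample))
```

The list of directories returned by `triage` gives a quick view of how far encryption spread, which helps scope recovery with the decryption tool.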