The attacker requests payment in Bitcoin. The MafiaWare666 ransomware displays a window with instructions detailing how to pay the ransom. Encrypted files will have the '.Alcatraz' extension. All the Avast Decryption Tools are available in one zip here. Files held hostage are appended with one or all of the following. Avast Decryption Tool for Alcatraz Locker can remove the Alcatraz Locker ransomware, which uses AES 256 encryption combined with Base64 encoding. MafiaWare666 searches specific folder locations (Desktop, Music, Videos, Pictures, and Documents) and encrypts numerous file extensions like 7z, Bat, DivX, HTML, JPEG, JPG, MP3, MP4, ZIP, and everything in between for the most part. It is likely that new or unknown samples may encrypt files differently, making them decryptable without further analysis. Avast researchers found a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. MafiaWare666 encrypts files using AES encryption. The MafiaWare666 ransomware strain is written in C# there aren't any obfuscation or anti-analysis techniques.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |