1 of 6
Danger level 7
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Blocks system files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

Alpha Ransomware

Alpha Ransomware is a very dangerous computer infection that might become your worst nightmare if it ever enters your computer. Researchers at pcthreat.com have closely inspected this threat and have found that it has been created by cyber criminals who are responsible for developing Cerber Ransomware (this infection was popular some time ago), which suggests that they share similarities. It is evident that they both lock files and seek to extort money from users; however, what users do not see is that there are similarities in the source codes of these two ransomware infections too. Our researchers know everything about Cerber Ransomware, so they suspect that it will not be easy to decrypt files encrypted by Alpha Ransomware as well. Unfortunately, it will not be easy to erase it from the system either; however, we are sure that it will be easier for you to delete this threat from your system if you read this article.

Ransomware infections encrypt files they find on computers and then ask users to pay money for the decryption key. Cyber criminals know that it will be difficult to swindle computer users out of cash. Therefore, a reason to pay is given for them, i.e. to get the decryption tool. Unfortunately, it seems that Alpha Ransomware encrypts the majority of files it finds on the system. It is even targeted at such valuable files as videos, music, pictures, and documents. If you have files with the following extensions on your PC, you will quickly understand that the ransomware has found a way to enter your computer because they will all be locked: .3gp, .pct, .mp3, .mp4, .kdc, .mpg, .mrw, .nef, .nk2, .xlk, .tga, .thm, .pptx, .xlsb, .rtf, .m4v, .eml, .mdb, .jpe, .cer, .nd, .c, .h, .m, .ai, .dng, .doc, and others. Not all the files will be encrypted, for example, it will not touch those located in the %WINDIR% directory; however, you could easily recognize those encrypted files because they will all have a new filename extension .bin assigned to them.

Once Alpha Ransomware is finished with personal files, it creates two files README HOW TO DECRYPT YOUR FILES.html and README HOW TO DECRYPT YOUR FILES.txt and opens the .txt file on Desktop. Users are told that their files are encrypted, and they need “the special decryption software” also known as Alpha Decryptor to unlock their files. It would be naïve to expect that the tool is free. As our specialists have noticed, this infection asks users to pay a ransom of 1.5 Bitcoin (approximately $995) within 3 days. It is also said that “each 3 days the price of the product will increase by 20%” in order to convince users to make a payment without consideration. Even though cyber criminals push users into purchasing the decryptor, our specialists say that you should not spend money on a tool which you do not even know whether will really be sent to you. At the time of writing, it is impossible to decrypt files free of charge unless you have made a backup before the entrance of this computer infection. If you do not have copies of your important files, you should wait for the free decryption tool to be released. It should be developed by specialists sooner or later.

If you do not erase Alpha Ransomware from your computer soon, it will launch again and encrypt new files you create. Yes, it is capable of starting with the Windows OS, so it will be automatically opened each time you reboot your computer. Specialists have not found this surprising at all because they have already noticed that this ransomware infection creates the Value in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the Value Data C:\Users\user\AppData\Roaming\Microsoft\Essential\msestl32.exe. Delete the threat to make those modifications gone.

Alpha Ransomware has to be deleted from the system ASAP to protect future files. Also, you could use the computer without any fear again. As you already know, your files will not be unlocked if you get rid of this infection; however, it would be a very bad idea to let the ransomware stay. This threat can be erased either manually or automatically. Of course, it is easier to get rid of such serious computer infections automatically; however, if you still decide to go for the manual Alpha Ransomware removal, you should use the manual removal guide written by specialists working at pcthreat.com. Scroll down to find it.

Delete Alpha Ransomware from your computer

  1. Launch RUN (Win+R).
  2. Enter %APPDATA%\Microsoft\Essential and tap Enter.
  3. Select and delete msestl32.exe.
  4. Go to %USERPROFILE%\Desktop.
  5. Remove README HOW TO DECRYPT YOUR FILES.TXT and README HOW TO DECRYPT YOUR FILES.HTML files.
  6. Launch RUN again.
  7. Move to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  8. Locate the Value MSEstl (could be different) having data C:\Users\user\AppData\Roaming\Microsoft\Essential\msestl32.exe.
  9. Right-click on it and select Delete.
  10. Move to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows.
  11. Remove the registry key Cfqhvbwot (the name is random).
  12. Empty the Recycle Bin.
  13. Restart your computer.
Download Spyware Removal Tool to Remove* Alpha Ransomware
  • Quick & tested solution for Alpha Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.