Cerber Devs Create New Ransomware Called Alfa
The developers behind the Cerber ransomware released their latest creation upon the Interwebs, and it’s a new ransomware variant named Alfa, Bleeping Computer reported last week.
Cerber is one of today’s most active and widespread ransomware families, alongside Locky, CryptXXX, and Jigsaw. Security researchers did not crack its encryption, so it is quite odd to see the group creating a new and different version without an apparent reason.
Alfa ransomware is currently undecryptable
Since Alfa is new on the scene, security researchers still don’t know how this threat spreads, but they are aware that Alfa is linked to Cerber’s devs and that it features a rock-solid encryption routine that currently can’t be broken.
Just like most ransomware families today, Alfa encrypts users files and appends a file extension at the end. You can identify Alfa ransomware infections by the extra .bin extension it adds to encrypted files.
The ransomware targets 142 different file types, and after the encryption process ends, it drops text and HTML-based ransom notes on the user’s Desktop and other locations.
Alfa apparently rebranded from Alpha
The ransom note is improperly worded and may need some work. Also, the ransom note uses the “Alpha” term instead of Alfa, which is used only on the Tor-based website where users are told to go to decrypt their files.
The name Alfa ransomware will likely be used in future versions because there was already an Alpha ransomware that appeared at the start of May 2016, for which security researchers created a free decrypter.
The Cerber devs would likely want to distance themselves from the term “Alpha ransomware” as much as possible since they may not want victims thinking they can recover files after googling the ransomware’s name. Alfa asks 1 Bitcoin (~$650) from each infected user.