Alka Ransomware

What is Alka Ransomware?

Alka Ransomware is a malicious computer infection that will lock up your files in a blink of an eye. This program will try to push you into paying for the decryption key. Of course, everyone should be aware of the fact that paying for the decryption key doesn’t solve anything. In fact, the people behind this infection are bound to collect the payment and then disappear without even providing the decryption key. Hence, it is for the best to remove Alka Ransomware right now. Please scroll down to the bottom of this description, where you will find the manual ransomware removal guidelines.

Where does Alka Ransomware come from?

Alka Ransomware comes from a notorious ransomware family. It comes from the STOP Ransomware group. Therefore, it means that this program is pretty similar to Odveta Ransomware, Gesd Ransomware, Leto Ransomware, and many others. All these programs are based on the same core code, and the code is slightly modified for every single program, to make them look individual. However, almost all applications from this group look more or less the same.

They also employ similar distribution tactics. It means that Alka Ransomware reaches its victims using the same methods as its predecessors. For the most part, this program travels via spam email attachments. It is a rather frustrating fact because it means that users download and install Alka Ransomware (and other similar programs for that matter) on their systems willingly. Of course, they are not aware of that. They think that they open some important documents they have received, and they must check the contents of that document.

However, if you do not recognize the sender, why would you open an attached document, no questions asked? Even if the document looks reliable or legitimate, you should still consider scanning it with a security tool of your choice. If the security tool does not find anything suspicious about the said document, then you should be able to open it.

What does Alka Ransomware do?

If you weren’t careful enough, and this ransomware program entered your system, you will experience the full scope of a ransomware infection. This means that Alka Ransomware will encrypt your files, and all the affected files will receive a new extension. For instance, flower.jpeg would look like flower.jpeg.alka after the encryption. It goes without saying that all the encrypted files will have their information strings jumbled and scrambled, and thus, the system would no longer be able to read it. For that, you really don’t need the additional extension, as the file icons will change into blank pages automatically.

Every single folder that contains the encrypted files will also get a ransom note _readme.txt. The ransom note displays the usual message that is quite similar across all programs from the STOP Ransomware family:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encrypted and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
<…>
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.

Does it mean that you should hurry to contact these criminals and transfer the ransom fee? Absolutely not. As mentioned, no one can guarantee that these people would issue the decryption key. Hence, keep your money to yourself and remove Alka Ransomware today.

How do I remove Alka Ransomware?

The manual removal is not too complicated, but if you do not feel confident about it, you can leave it to a reliable antispyware tool of your choice. On the other hand, removing the infection is the easier part.

It is a lot more challenging to restore the encrypted files. If Alka Ransomware used an offline key to encrypt your data, there is a public decryption key you can use to restore your files. If the program used an online key to encrypt your files, it might be a lot harder to deal with this.

In fact, the most efficient file recovery method is transferring them back to your computer from an external hard drive. If you do not back up your files, try looking through your other devices. Perhaps you have the latest copies of your files there.

Manual Alka Ransomware Removal

1. Remove the most recently downloaded files from Desktop.
2. Remove the most recently downloaded files from the Downloads folder.
3. Press Win+R and type regedit. Click OK.
4.  Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
5. On the right, right-click and delete value with the 0x0xx000-00x0-000x-0x00-0x00xx0x0xx0 format filename in its path.
6. Exit Registry Editor and press Win+R again.
7. Go to %UserProfile%\Local Settings\Application Data.
8. Delete the folder with the 0x0xx000-00x0-000x-0x00-0x00xx0x0xx0 name.
9. Repeat steps 6 to 8 with the %LocalAppData% directory.
10. Press Win+R and type %WinDir%. Click OK.
11. Go to System32\Tasks and delete Time Trigger Task.
12. Run a full system scan with SpyHunter. Download Removal Tool100% FREE spyware scan and
    tested removal of Alka Ransomware*