Alka Ransomware Removal Guide

Do you know what Alka Ransomware is?

Alka Ransomware is a file-encrypting infection, which means that it ciphers your files to make them unreadable. Once that is done, you cannot read your documents, photos, and other personal files, and that is meant to push you towards certain actions. Whatever you do, keep in mind that cybercriminals are behind this infection, and you know better than to trust them, don’t you? The truth is that they could promise you anything and give you as much reassurance as you need, but at the end of the day, they cannot be forced to do anything. Therefore, you need to stand your ground and think before taking any actions. In this report, we show how to delete Alka Ransomware, and we also discuss two different methods that, hopefully, you will be able to apply to correct the course set by the infection.

First things first: where did Alka Ransomware come from? If the threat has invaded your operating system, it must lack protection. Reliably guarded operating systems should be able to keep file-encryptors and other kinds of malware away. Perhaps it is time for you to update or install security software, as well as assess your own behavior? According to our research team, most infections of this kind rely on spam emails and bundled downloaders to invade systems, and that means that victims are involved in the execution process. Needless to say, if you are more cautious about what emails you open and interact with, or what files you download (and where you download them from), you might decrease your chances of facing malware launchers significantly. This is important because there are thousands of threats that can use these backdoors. Alka Ransomware itself has multiple clones – including Reha Ransomware, Nbes Ransomware, or Hets Ransomware – all of which are part of the STOP Ransomware family. Removal guides for these threats are already available on this website.

After encryption, you are likely to discover the “_readme.txt” file first. Then, you might realize that all of your personal files have the “.alka” extension appended to them and are no longer readable. The text file dropped by Alka Ransomware plays an important role because it is meant to convince you that only the attackers can decrypt your files. In return for a tool that, supposedly, can restore files, the attackers want money from you ($490 within three days or $980 after three days), and you are instructed to email helpmanager@firemail.cc or helpmanager@iran.ir to get information about the method of payment. Would you receive a decryptor if you did as told? More likely, you would be left empty-handed, and your email inbox would be flooded with new scam emails or emails terrorizing you to pay more money. Needless to say, we suggest that you ignore all requests made by the attackers behind Alka Ransomware.

The removal of Alka Ransomware is pretty straightforward. If you can find the launcher of the infection, and if you are up to digging deep to find all malware components yourself, you can follow the guide below. If you are unable to delete Alka Ransomware manually, or if you are also worried about your system’s protection, we advise installing anti-malware software. Legitimate and reliable software will automatically remove malware and secure your system seamlessly. As for the files, if you have backups (i.e., copies of your personal files) stored outside the computer, you can use them as replacements. Another option is to use a free decryptor. In most cases, free decryptors do not exist, but a tool called ‘STOP Decrypter’ exists, and while it was not yet decrypting the files corrupted by Alka when we tested it, perhaps it will help victims of this malware in the future.

Delete Alka Ransomware

  1. If you can locate the launcher of the threat, right-click and Delete it.
  2. Right-click and Delete all copies of the _readme.txt file.
  3. Launch Run (tap Win and R keys) and enter regedit into the dialog box.
  4. In Registry Editor, go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  5. Right-click and Delete the value named SysHelper.
  6. Launch File Explorer (tap Win and E keys) and use the quick access field to access the %LOCALAPPDATA% directory (%USERPROFILE%\Local Settings\Application Data\ on Windows XP).
  7. Right-click and Delete the folder with a random name that contains ransomware files.
  8. Use the quick access field to access the %WINDIR%\System32\Tasks\ folder.
  9. Right-click and Delete the task named Time Trigger Task.
  10. Exit File Explorer and then Empty Recycle Bin.
  11. Examine your system for potential leftovers using a trusted malware scanner.
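The locations named in steps 2 to 9 can be checked in one pass before anything is deleted. The PowerShell script below is an added example, not part of the original guide or of any vendor tool; it only reports what it finds. Its assumptions: ransom notes are searched for under the user profile (`$SearchRoot`, a name chosen here), the task is queried with `Get-ScheduledTask` (Windows 8 and later), and the folder from step 7 is the one the SysHelper value points to.

```powershell
# Read-only audit for the Alka artifacts named in the steps above. Deletes nothing.
param([string]$SearchRoot = $env:USERPROFILE)   # assumption: where to look for notes

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Step, [string]$Item) {
    $findings.Add([pscustomobject]@{ Step = $Step; Item = $Item })
}

# Steps 4-5: autorun value named SysHelper under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'SysHelper' -ErrorAction SilentlyContinue
if ($run) {
    Add-Finding '4-5' "Run value SysHelper = $($run.SysHelper)"
    # Steps 6-7 (assumption): the value launches the copy kept in the
    # random-named folder, so its parent directory is the candidate to review.
    if ($run.SysHelper -match '^"?([^"]+\.exe)') {
        $dir = Split-Path -Parent $Matches[1]
        if ($dir -like "$env:LOCALAPPDATA\*" -and (Test-Path -LiteralPath $dir)) {
            Add-Finding '6-7' "Folder referenced by SysHelper: $dir"
        }
    }
}

# Steps 8-9: scheduled task named "Time Trigger Task", with what it executes.
$tasks = Get-ScheduledTask -TaskName 'Time Trigger Task' -ErrorAction SilentlyContinue
foreach ($t in $tasks) {
    $exe = $t.Actions.Execute -join '; '
    Add-Finding '8-9' "Task $($t.TaskPath)$($t.TaskName) runs: $exe"
}

# Step 2: copies of the ransom note. Files with the .alka extension are only
# counted; they are the encrypted data, not malware components.
$files = Get-ChildItem -LiteralPath $SearchRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq '_readme.txt' -or $_.Extension -eq '.alka' }
$files | Where-Object Name -eq '_readme.txt' |
    ForEach-Object { Add-Finding '2' $_.FullName }
$encrypted = @($files | Where-Object Extension -eq '.alka').Count

if ($findings.Count -eq 0) {
    'None of the listed artifacts were found for this user.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
"Files with the .alka extension under ${SearchRoot}: $encrypted"
```

Run it as the affected user, since the Run key in step 4 is per-user (HKCU).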

In non-techie terms:

Alka Ransomware was created to trick money out of you. The cybercriminals behind it promise you a decryptor in return for a ransom, but they are the ones who corrupted your personal files in the first place, and so trusting them is the worst thing you could do. We do not advise paying the ransom or even communicating with the attackers via the provided email addresses, because that alone could offer an opportunity for them to attack you further. If you have backup copies of your personal files, you can use them to replace your files after you remove Alka Ransomware from the system. Alternatively, you can look into using a free decryptor called ‘STOP Decrypter.’ Unfortunately, at the time of research, it was not yet capable of decrypting Alka. To remove this threat and also secure your system at once, we advise installing anti-malware software, but you might also be able to delete the infection manually, using the instructions you can see above.