A security breach believed to be in the form of Alcatraz ransomware has occurred,
so we would like to confirm the situation and provide a warning as follows.

Alcatraz ransomware

The ransomware in question is called Alcatraz and appears to be changing all files with the file name.extension.Alcatraz.

How it works

file version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in window properties]

Ransomware operation characteristics

• It is based on a C++ console and features the use of myexternalip's web API in the process of internally checking the user's IP information. It also deletes shadow copies using cmd and automatically executes a ransom note (html) after completion.

  
  [Figure 3 Dynamic information checking IP information using myexternalip’s API]

  
  [Figure 4 Shadow copy deletion dynamic information]

  
  [Execute ransom note after completing Figure 5 (html)]

Infection results

The information file is < ransomed.html > in each path, and when encryption is performed, the files are changed to .

[Figure 6 Infection results]

White Defender compatible

Real-time automatic restoration is supported for files that will be encrypted before WhiteDefender Ransomware's malicious actions and blocking. It also supports real-time automatic restoration for WhiteDefender Ransomware's malicious actions and files that will be encrypted before blocking.

[Figure 7 Block message]

Watch Alcatraz Blockade Video