Ransomware Report

Title: Alice ransomware
Registration date: 2024-08-27
Views: 1250

[Alice ransomware]

[Virus/Malware Activity Report: Alice Ransomware]

A security incident believed to involve Alice ransomware has occurred. We describe the situation and issue the following warning.

Alice ransomware

The ransomware in question is called Alice and appears to rename every file it encrypts to <file name.extension.alice>.

How it works

file version


[Figure 1 Ransomware executable file compiler information]


[Figure 2 File information in window properties]

Ransomware operation characteristics

  • VB.NET-based ransomware. Unlike typical ransomware, its internal code is difficult to inspect because the code is built by reinterpreting resource images in which the binary is stored as dots (pixels). When it is run a second time, it deletes the shadow copies and carries out encryption.


    [Figure 3 Checking shadow copies during dynamic operation]

Infection results

A guide file named <How To Restore Your Files.txt> is created in each folder, and each encrypted file is renamed to <file name.extension.alice>.



[Figure 4 Infection results]
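
The two file-system indicators described above (the guide file name and the `.alice` suffix) can be used to scope which folders were affected. The following Python script is an added example, not code from the original report or from the vendor; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the report above.
NOTE_NAME = "How To Restore Your Files.txt"
ENC_SUFFIX = ".alice"

def triage(root):
    """Return {folder: finding} for folders showing the report's indicators."""
    findings = {}
    for folder, _subdirs, files in os.walk(root):
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        # <file name.extension.alice>: suffix match, case-insensitive for NTFS.
        encrypted = sorted(f for f in files
                           if f.lower().endswith(ENC_SUFFIX) and len(f) > len(ENC_SUFFIX))
        if not has_note and not encrypted:
            continue
        # Files left untouched in a hit folder suggest encryption was interrupted.
        intact = sorted(f for f in files
                        if f not in encrypted and f.lower() != NOTE_NAME.lower())
        findings[os.path.relpath(folder, root)] = {
            # Both indicators together is a strong match; one alone needs review.
            "confidence": "high" if has_note and encrypted else "review",
            "original_names": [f[:-len(ENC_SUFFIX)] for f in encrypted],
            "intact": intact,
        }
    return findings

def build_sample_tree(root):
    """Create a constructed directory tree (empty placeholder files only)."""
    layout = {
        "docs": [NOTE_NAME, "budget.xlsx.alice", "plan.docx.alice"],
        "photos": [NOTE_NAME, "cat.jpg.ALICE", "dog.png"],
        "notes": ["alice.txt", "todo.md"],   # name contains 'alice', not a match
        "stray": ["report.pdf.alice"],       # suffix present, no guide file
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, finding in sorted(triage(tmp).items()):
            print(folder, finding)
```

The `original_names` list gives the pre-infection file names to check against backups, and a non-empty `intact` list marks folders where some files were not renamed.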

White Defender response

White Defender blocks the ransomware's malicious actions and also supports real-time automatic restoration of files that are encrypted before the block takes effect.


[Figure 5 Block message]

Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong | Business registration number: 220-81-67981
Copyright ⓒ Everyzone, Inc. All Rights Reserved.