What is ALBASA Ransomware

ALBASA is a ransomware-type virus designed to encrypt system-stored data and blackmail victims into paying money for its return. During encryption, all files acquire the new .ALBASA extension and reset their original icons to blank. This is also accompanied by the creation of RESTORE_FILES_INFO.txt – a text note containing instructions on how to recover blocked data.

RESTORE_FILES_INFO.txt

------------------
| What happened? |
------------------
Your network was ATTACKED, your computers and servers were LOCKED,
Your private data was DOWNLOADED:
- Contracts
- Customers data
- Finance
- HR
- Databases
- And more other...
----------------------
| What does it mean? |
----------------------
It means that soon mass media, your partners and clients WILL KNOW about your PROBLEM.
--------------------------
| How it can be avoided? |
--------------------------
In order to avoid this issue,
you are to COME IN TOUCH WITH US no later than within 3 DAYS and conclude the data recovery and breach fixing AGREEMENT.
-------------------------------------------
| What if I do not contact you in 3 days? |
-------------------------------------------
If you do not contact us in the next 3 DAYS we will begin DATA publication.
We will post information about hacking of your company on our twitter hxxps://twitter.com/RobinHoodLeaks or hxxps://www.gettr.com/user/robinhoodleaks
ALL CLINTS WILL LEARN ABOUT YOUR HACKING AND LEAKAGE OF DATA!!! YOUR COMPANY'S REPUTATION WILL BE HURTLY DAMAGED!
-----------------------------
| I can handle it by myself |
-----------------------------
It is your RIGHT, but in this case all your data will be published for public USAGE.
-------------------------------
| I do not fear your threats! |
-------------------------------
That is not the threat, but the algorithm of our actions.
If you have hundreds of millions of UNWANTED dollars, there is nothing to FEAR for you.
That is the EXACT AMOUNT of money you will spend for recovery and payouts because of PUBLICATION.
You are exposing yourself to huge penalties with lawsuits and government if we both don't find an agreement.
We have seen it before cases with multi million costs in fines and lawsuits,
not to mention the company reputation and losing clients trust and the medias calling non-stop for answers.
--------------------------
| You have convinced me! |
--------------------------
Then you need to CONTACT US, there is few ways to DO that.
---Secure method---
a) Download a qTOX client: hxxps://tox.chat/download.html
b) Install the qTOX client and register account
c) Add our qTOX ID: -
d) Write us extension of your encrypted files .ALBASA
Our LIVE SUPPORT is ready to ASSIST YOU on this chat.
----------------------------------------
| What will I get in case of agreement |
----------------------------------------
You WILL GET full DECRYPTION of your machines in the network, DELETION your data from our servers,
RECOMMENDATIONS for securing your network perimeter.
And the FULL CONFIDENTIALITY ABOUT INCIDENT.
----------------------------------------------------------------------------------
Number of files that were processed is: 2498

The ransom note guides victims to contact swindlers using the qTOX chat and pay for decryption. Victims should also write the name of the extension (.ALBASA, in this case) that was added to encrypted files. Should victims fail to establish communication with cybercriminals during 3 days after encryption, they threaten to start leaking encrypted data to public resources. ALBASA collects a number of different information related to finance, contracts, HR, and databases meaning it targets business networks more often than regular users. After the price for decryption is paid, ALBASA developers promise to send the necessary tools and not publish any collected data. Unfortunately, the price remains in secret until victims reach out to cybercriminals. Although paying the ransom might be the only way to avoid leakage of data and recover the files completely, there is no guarantee it is actually going to happen. Some crooks dump their victims and do not react upon receiving the money at all. Either way, the decision is up to business owners on whether they want to risk their company reputation by not paying the ransom. For now, there are also no concrete methods to decrypt files without the help of cybercriminals. You can only recover them using backup copies from unaffected storage of data. Otherwise, you can still try some third-party tools to hope for partial decryption at least. More information on this is presented in our tutorial below.

albasa ransomware

How ALBASA Ransomware infected your computer

Malware that targets financial organizations can be distributed via physical storage like NAS (QNAP) by exploiting its temporary vulnerabilities. In other cases, it is also common to see ransomware infect systems through malicious spam letters. Such letters bombard a number of users and contain malicious attachments disguised as something legitimate. These attachments are usually MS Office files (Word, Excel), PDF, JavaScript or Archive files hardwired to store and execute the installation of malware. The letters sent to receivers might look like they are legitimate by taking names of world-known firms (DHL, DPD, FedEx, etc.). Many people get curious and interact with such letters which leads to inevitable damage by various infections like ransomware. The main advice is to be more careful and use only official or verified resources around the web. You can also follow our instructions below to learn about useful instruments that help users firewall their PC experience against devastating threats like ALBASA Ransomware.

  1. Download ALBASA Ransomware Removal Tool
  2. Get decryption tool for .ALBASA files
  3. Recover encrypted files with Stellar Data Recovery Professional
  4. Restore encrypted files with Windows Previous Versions
  5. Restore files with Shadow Explorer
  6. How to protect from threats like ALBASA Ransomware

Download Removal Tool

Download Removal Tool

To remove ALBASA Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of ALBASA Ransomware and prevents future infections by similar viruses.

Alternative Removal Tool

Download SpyHunter 5

To remove ALBASA Ransomware completely, we recommend you to use SpyHunter 5. It detects and removes all files, folders, and registry keys of ALBASA Ransomware. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.

ALBASA Ransomware files:


RESTORE_FILES_INFO.txt
{randomname}.exe

ALBASA Ransomware registry keys:

no information

How to decrypt and restore .ALBASA files

Use automated decryptors

Download Kaspersky RakhniDecryptor

kaspersky dharma ransomware decryptor

Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .ALBASA files. Download it here:

Download RakhniDecryptor

There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.

Dr.Web Rescue Pack

Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .ALBASA files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.

If you are infected with ALBASA Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:

Use Stellar Data Recovery Professional to restore .ALBASA files

stellar data recovery professional

  1. Download Stellar Data Recovery Professional.
  2. Click Recover Data button.
  3. Select type of files you want to restore and click Next button.
  4. Choose location where you would like to restore files from and click Scan button.
  5. Preview found files, choose ones you will restore and click Recover.
Download Stellar Data Recovery Professional

Using Windows Previous Versions option:

  1. Right-click on infected file and choose Properties.
  2. Select Previous Versions tab.
  3. Choose particular version of the file and click Copy.
  4. To restore the selected file and replace the existing one, click on the Restore button.
  5. In case there is no items in the list choose alternative method.

Using Shadow Explorer:

  1. Download Shadow Explorer program.
  2. Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
  3. Select the drive and date that you want to restore from.
  4. Right-click on a folder name and select Export.
  5. In case there are no other dates in the list, choose alternative method.

If you are using Dropbox:

  1. Login to the DropBox website and go to the folder that contains encrypted files.
  2. Right-click on the encrypted file and select Previous Versions.
  3. Select the version of the file you wish to restore and click on the Restore button.

How to protect computer from viruses, like ALBASA Ransomware, in future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.

Download ZoneAlarm Anti-Ransomware

2. Back up your files

idrive backup

As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. ALBASA Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.

3. Do not open spam e-mails and protect your mailbox

mailwasher pro

Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.

Download MailWasher Pro
Previous articleHow to remove Cantopen Ransomware and decrypt .cantopen files
Next articleHow to remove Searcheq.com
James Kramer
Hello, I'm James. My website Bugsfighter.com, a culmination of a decade's journey in the realms of computer troubleshooting, software testing, and development. My mission here is to offer you comprehensive, yet user-friendly guides across a spectrum of topics in this niche. Should you encounter any challenges with the software or the methodologies I endorse, please know that I am readily accessible for assistance. For any inquiries or further communication, feel free to reach out through the 'Contacts' page. Your journey towards seamless computing starts here