How to Recover and Restore .pst files encrypted by Alpha Ransomware

My Personal Storage Files (.pst) files have been encrypted by Alpha ransomware also I am getting a ransom note when I try to access any of the files that are stored on the Outlook demanding to pay a ransom of $ 400. I have searched for solution over web and came to know that encrypted files by Alpha Ransomware can be decrypted without paying the ransom to hackers. However I am unable to find any solution for the same till now.

Threat Summary

  • Name : Alpha
  • Type : Ransomware
  • Symptoms: Encryption of stored files including .pst files
  • Distribution: spam email, file sharing, P2P file sharing

About Alpha Ransomware

Security researchers have found a new ransomware infection which uninstall itself after file encryption on targeted computer and left an auto-run file in system registry. So the ransomware get executed on victim’s computer with every boot. The main executable file that is responsible for file encryption is –%APPDATA%\Windows\svchost.exe. The ransomware is quite lethal and encrypts 249 type of different files including .pst files on users computer. However it keeps system files separate from encryption, even on system drive (where OS get installed, usually C:\), Alpha Ransomware only encrypts files that is saved on Desktop, Documents, Pictures, Videos, Cookies folders, personal storage table. The ransomware uses AES-256 file encryption algorithm by use of public and private keys. After a successful file encryption on compromised computer the tyrannical ransomware force victims to pay US $ 400 to provide private keys to restore their files back in their original format.

How to recover pst files from Alpha Ransomware attack and decrypt files with .ENCRYPT extension

According to the ransom note released on victim’s computer, files can’t be decrypted by any methods and attempts to remove .ENCRYPT extension may result in permanent loss of files. Furthermore Alpha Ransomware also scare users that private keys to recover from Alpha Ransomware attack, will be deleted from C&C server after a certain time. In fact, payment of ransom also does not assure recovery of encrypted files, because the cyber offenders behind this ransomware program often refuses to provide keys to repair encrypted files. So the users on infected computer are being suggested to use other options for recovery of files such as cloud backup, or restore files from external drive backup, after removal of Alpha Ransomware on their computer. Victims can also use following methods for removal and recovery from Alpha Ransomware attack on computer.

However if they are unable to decrypt .pst files successfully, it is advised to make use of pst recovery software that can repair and restore pst files infected by malware.