Ransomware - Alpha Locker

Alpha Locker (Active)
Aliases
Alpha
MyData
Decryptor Available
No
Description

The first mentions of Alpha Locker, or Alpha, appeared in Bleeping Computer's forums in the Summer of 2023. However, in early January, the group appeared more ubiquitously within the cybersecurity community. This group is also known as "mydaya" because of the TOR domain name on which they host their data leak site. Nothing is known about the group besides what is on the data leak site and what is published on the Bleeping Computer forums. However, independent researcher Rakesh Krishnan also posted an article about some of Alpha Locker's operations. We weren't able to find an applicable hash or sample to analyze. Thankfully, within the Bleeping Computer's forums are hashes to the ransom notes on VirusTotal. Below is any other helpful information we could gather about this ransomware without a proper sample. We will post more details below if and when we find a sample.

Ransomware Type
Crypto-Ransomware
Data Broker
First Seen
Extortion Types
Direct Extortion
Double Extortion
Free Data Leaks
Extortion Amounts
Amount
0.1684BTC
0.2720BTC
Communication
Medio
Identificador
Tox
Crypto Wallets
Blockchain Type
Crypto Wallet
BTC
bc1q5d597cxs3gs7fzjtmga460eyad82temtt4rsln
BTC
bc1qff2u797mrekxtcnr68p2gqarnjxvy575jug430
File Extension
<file name>.<random 8 character alphanumeric string>
Ransom Note Name
<random 8 character alphanumeric string>.Readme.txt
Industry Sector País Extortion Date Amount (USD)
Healthcare & MedicineUnited States
Professional ServicesFrance
AgricultureUnited States
Professional ServicesAustralia
Fashion & TextilesCanada
ElectronicsTaiwan
Professional ServicesSouth Africa
EducationUnited States
Oil & GasUnited States
ManufacturingUnited Kingdom
Construction & ArchitectureItaly
Distribution & LogisticsFrance
Banking & FinanceUnited States
ManufacturingGermany
Professional ServicesUnited Kingdom