Alma

Malware Profile Updated 3 months ago
Alma is a potent ransomware known for encrypting files using AES-128 encryption. Once it infiltrates a system, typically through suspicious downloads, emails, or websites, it encrypts data and then creates two ransom-demand files titled “Unlock_files_(6 random characters).html” and “Unlock_files_(6 random characters).txt”. These files are saved on the desktop and in each folder that contains encrypted files. Victims are provided with a unique ID and numerous Tor network connections to download Alma Locker's decryption tool.

The Alma ransomware came to prominence following research conducted by graduate students at George Mason University, who confirmed its existence and functionality. A decryption tool for this ransomware is available (see https://www.pcrisk.com/removal-guides/10403-alma-locker-ransomware). However, victims are often required to contact the Alma Locker ransomware developers to decrypt their affected data, which can be a risky process.

Despite the threat posed by the Alma ransomware, there are protections and solutions in place. For instance, KernelCare supports all popular enterprise Linux distributions, including Debian, Ubuntu, RHEL, CentOS, Alma Linux, Oracle Linux, and more, potentially providing some level of protection against such threats. In addition, privacy laws like the California Privacy Rights Act (CPRA) and forthcoming regulations from the White House's National Cybersecurity Strategy offer additional protections against malicious software.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Reddit
Red Hat
Locker
Malware
Encryption
Ransom
Ransomware
Debian
Centos
Linux
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Alma Malware was read from the documents corpus below. This display is limited to 20 results.
Source (Created At): Title
Krebs on Security (4 months ago): Mozilla Drops Onerep After CEO Admits to Running People-Search Networks
Krebs on Security (4 months ago): CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
CERT-EU (5 months ago): From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin | MSRC Blog | Microsoft Security Response Center
CERT-EU (6 months ago): Critical Linux Security Updates for Debian 12 and Debian 11
CERT-EU (7 months ago): Kansas Sheriff's Corporal recognized for stopping a child predator | #childpredator | #kidsaftey | #childsaftey | National Cyber Security Consulting
CERT-EU (7 months ago): Snapchat child sex predator brought down with help from Kansas peace officer | #childpredator | #kidsaftey | #childsaftey | National Cyber Security Consulting
CERT-EU (10 months ago): Which Types of Data Breaches Warrant Greater Punishment?
CERT-EU (a year ago): Links 31/03/2023: Mozilla Turns 25 and OpenMandriva 23.03
CERT-EU (9 months ago): Fashion police, brawls, and heckling: House Republicans' petty drama has no end in sight
CERT-EU (a year ago): OpenIndiana Hipster Frustrations. (Revisiting Solaris, Non-Linux Systems, CentOS Stream)
CERT-EU (9 months ago): Bill Ackman's misguided Harvard crusade
Krebs on Security (a year ago): LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
CERT-EU (a year ago): News Alert: Utimaco finds regional disparities in consumers’ level of trust in digital security | The Last Watchdog
CERT-EU (a year ago): The Best National Security Beach Reads of the Summer
CERT-EU (a year ago): 200+ Free Ransomware Decryption Tools You Need [2022 List]
CERT-EU (a year ago): The Free Software Community is Exploited by Greedy Business People, It's Not Freeloading (Yet More Name-calling, Trolling and Shaming of Volunteers)
DARKReading (a year ago): Hawaii's Gemini North Observatory Suspended After Cyberattack