Ransomware - Alpha Locker

Alpha Locker (Active)
Aliases
Alpha
MyData
Decryptor Available
No
Description

The first mentions of Alpha Locker, or Alpha, appeared in Bleeping Computer's forums in the Summer of 2023. However, in early January, the group appeared more ubiquitously within the cybersecurity community. This group is also known as "mydaya" because of the TOR domain name on which they host their data leak site. Nothing is known about the group besides what is on the data leak site and what is published on the Bleeping Computer forums. However, independent researcher Rakesh Krishnan also posted an article about some of Alpha Locker's operations. We weren't able to find an applicable hash or sample to analyze. Thankfully, within the Bleeping Computer's forums are hashes to the ransom notes on VirusTotal. Below is any other helpful information we could gather about this ransomware without a proper sample. We will post more details below if and when we find a sample.

Ransomware Type
Crypto-Ransomware
Data Broker
First Seen
Extortion Types
Direct Extortion
Double Extortion
Free Data Leaks
Extortion Amounts
Amount
0.1684 BTC
0.2720 BTC
Communication
Medium
Identifier
Tox
Crypto Wallets
Blockchain Type
Crypto Wallet
BTC
bc1q5d597cxs3gs7fzjtmga460eyad82temtt4rsln
BTC
bc1qff2u797mrekxtcnr68p2gqarnjxvy575jug430
File Extension
<file name>.<random 8 character alphanumeric string>
Ransom Note Name
<random 8 character alphanumeric string>.Readme.txt
Industry Sector Country Extortion Date Amount (USD)
Healthcare & Medicine United States
Professional Services France
Agriculture United States
Professional Services Australia
Fashion & Textiles Canada
Electronics Taiwan
Professional Services South Africa
Education United States
Oil & Gas United States
Manufacturing United Kingdom