Severity scale:  

Remove Alka ransomware (Free Guide) - Decryption Methods Included

removal by Jake Doevan - - | Type: Ransomware

Alka ransomware is the cryptovirus that encrypts files and corrupts the system settings in several attack stages

Alka ransomwareAlka ransomware – malware that extorts a particular fee for the alleged decryption tool that should help to unlock encoded files marked using .alka extension. It is a version of the DJVU virus that is releasing a new version after version and not stopping for three years now. Previously, some of the versions were decryptable, and people got their files back with the help of STOPDecrypter.exe file and the tool that researchers developed based on offline keys. After August 2019, malicious actors who develop this virus started to use proper encryption methods and rely on online keys. This fact made it worse for all the victims all over the world because when each victim gets the unique ID, decryption is only possible with that particular key. In some cases, when IDs end in t1, they can be used to restore at least some of the files because, with offline keys, encryption codes are easier to break.

Questions about Alka ransomware

Since Alka ransomware virus mainly uses online IDs, as other versions released in the past six months, f.e Repp dropped around the same time, there are fewer options left for victims. Tools, that researchers have, only work with offline IDs that can be used for many victims at the time. The other option is paying the ransom, but experts[1] rarely state that it is safe, especially when it comes to such large cryptovirus families. Since decryption is not easy, it is better to focus on terminating the malware and recovering the machine using other options – thrid party data restoring applications and anti-malware tools.

Name Alka ransomware
Family This is a threat belonging to the STOP virus family. The 204th version of the Djvu ransomware
File marker .alka is the appendix that indicates all the data affected during the encryption. This marker gets added at the end of the original name after the file type extension
Ransom note _readme.txt – the file that gets placed in folders where encrypted data is and on the desktop where people can find the message as soon as possible
Amount of ransom demanded It starts at $980, but actors try to fake the trust and offer a discount of 50% for people who contact criminals in the first 72 hours, which makes the ransom $490 in the form of Bitcoin. 
Contact emails,
Distinct features The malware injects AZORult trojan on the system as a secondary payload that can steal various information; it alters hosts files so the victim cannot access security software providers, sites like this one; malware shows a fake Windows OS update window during the encryption, so the victim is not paying attention to the slowness and disturbance of the performance
Distribution It is known that one of the more unique ways of how this family injects products on the machines involves pirated software and torrent sites because software cracks,[2] licensed keys, game cheats and other files like that include malicious script which triggers ransomware infection
Elimination Alka ransomware removal is a process that requires additional help and advanced knowledge since it involves a few types of malware, possibly, and system alterations. So the best way os to get the anti-malware program and scan the computer for thorough cleaning
Decryption options Files affected by the Alka version cannot get easily decrypted unless the victims' ID ends in t1 what indicates the offline key used for encryption. If so, Emsisoft has a tool that may help. Otherwise, the official decryption tool is not available, so you may need third-party options for recovery 
Repair You still need to clean the machine and fix the damage that virus leaves on the system, so get PC repair program or an optimizer like Reimage Reimage Cleaner Intego and find affected parts of your device and possibly fix them without causing additional issues

Alka ransomware is not targeting particular countries, so anyone and anywhere can get affected by this threat and suffer the loss of data or even money if they decide to pay the creators. The encryption that ransomware is based on changes original code of data like images, documents, audio, video files. This process also affects databases and archives, but system files and folders get interfered too, just not during the encryption.

Alka ransomware and Djvu versions, in general, are known for displaying the fake Windows update program window that states about a running process, so people believe that slowness of the system is caused by this, not anything else. During this time, encryption and all the other changes takes place. When files get the .alka marker, they already are unreadable and cannot be used, so the ransom is demanded in _readme.txt file. 

However, the attack is not ending here. To ensure that victims cannot easily recover after the infection and that there are fewer options for Alka ransomware removal, virus developers focus on disabling particular security tools and functions. Since your AV software is possibly blocked, you need to enter the Safe Mode with Networking or use another method that allows performing the system check.

Unfortunately, it becomes difficult to remove Alka ransomware and to restore files after these registry and system file alterations. When startup preferences get changed, ransomware is launched newly over and over, and all the processes of disabling and blocking programs continue. The virus can install files, applications, and other malware, so the machine gets even more damaged over time.

You should clean the system as soon as possible to avoid permanent and unrepairable Alka ransomware virus damage. However, you may fix such issues with system tools like Reimage Reimage Cleaner Intego since such a program can find affected system files and repair them without damaging other processes.  Alka ransomware virusAlka ransomware is the cryptovirus that demands money from victims when their commonly used files get encrypted. Don't fall for the discount offers and test decryption opportunities.

Alka ransomware file encryption and recovery

Alka ransomware starts with encryption as soon as the payload file lands on the machine. Malware uses a powerful algorithm that allows finding the most commonly used and valuable files. Then the virus can change those personal files and demand payment for the recovery.

It happens first because actors focus on locking data and demanding payments from victims. The ransom demanding file _readme.txt also gets placed on the system as soon as possible. The ransom note delivers the same message that has been distributed since 2016:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

Additional changes that Alka ransomware makes, happens after the encryption and cannot be easily noticed because of that. The blackmailing message distracts victims from any other activities, and malware can run uninterrupted while people decide to pay or not. This is not the solution for such malware, and researchers note that people shouldn't even contact criminals in such instances.

This is probably the reason why developers keep releasing version after version and blocking such sites like security software providers, malware researchers' blogs, and so on. Victims cannot get too much information about the infection and decides to pay. When it comes to recovery after Alka ransomware infection, it is important to note that some facts can determine how easy it is to get your files back:

  •  we already mentioned that offline vs. online keys get used by these malware creators and since Alka ransomware is one of the newer versions it mostly relies on online victim IDs, making the decryption merely impossible;
  • if you know that offline key got used in the particular attack on your machine, you can rely on decryption tool and researchers;
  • additional options could be Data Recovery Pro and Windows Previous Versions that can be found at the bottom of this guide.

Alka files virusAlka ransomware is called like that because it focuses on ransom-demanding messages and getting money for alleged decryption keys. In most cases, people don't receive their decryption tools, so DO NOT pay.  

Deceptive techniques enable hackers to spread malicious code on a large scale

It is common to get an infection like ransomware or trojan from spam email attachments, hacked sites, malicious pages, and insecure software installations involved in pirating services. Many opportunities allow hackers to spread quickly and even deliver other threats on the infected machine.[3]

In most cases, this threat comes unnoticed because the victim opens the email attachment without paying close attention or installs a package from sharing services where pirated or even malicious files get included. Spam email can have links on the notification that directly reroutes users to malware-dropping service, so you only need to click on a dangerous content once to get infected. This is a very dangerous threat that starts working immediately. Remember:

  • pirating software, getting game cheats and other cracks of applications are not only illegal but highly dangerous activities;
  • spam emails that are sent from questionable sources, unknown companies, services, and commercial providers should be taken into consideration before opening;
  • don't download random MS documents and other files on the machine from emails or websites you are not sure of.

Make the system clean from Alka files virus traces

Even though Alka ransomware virus is focusing on encryption and ransom demands, that doesn't mean other parts of the device are affected. The infected system is vulnerable to infections, and especially when threats besides the cryptovirus get installed, the cleaning process is crucial.

Alka ransomware removal is significantly affected by all the alterations in the system folders, Windows registry, and other parts that control functions and programs running on the computer. Although anti-malware tools are the ones that should help the best, you may need to reboot the machine in Safe Mode additionally.

To remove Alka ransomware, get SpyHunter 5Combo Cleaner or Malwarebytes and run it on the system. Follow all the steps that the program suggests and remember to double-check before proceeding with file repair options. If you add your data backups on the system that still has virus traces, you may lose all your files. Fix system damage using Reimage Reimage Cleaner Intego and then go through recovery option suggestions below.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Alka virus, follow these steps:

Remove Alka using Safe Mode with Networking

Reboot the machine in Safe Mode with Networking and remove the Alka ransomware with AV tools then

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Alka

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Alka removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Alka using System Restore

System Restore is a feature worth trying because it allows the user to recover the machine in a previous state when the virus was not active

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Alka. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Alka removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Alka from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Alka, you can use several methods to restore them:

Data Recovery Pro is the program that can possibly be used for file restoring

When Alka ransomware encrypts your files, but you don't have a particular data backups, Data Recovery Pro can restore then for you. It also helps for accidentally deleted data

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Alka ransomware;
  • Restore them.

Windows Previous Versions feature restores individual files that get affected by the malware

When System Restore gets enabled, Windows Previous Versions can be the solution for affected data

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer method for encrypted files

If Alka ransomware is not affecting Shadow Volume Copies, ShadowExplorer can be used as an alternative method for data repair

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool for Alka ransomware is not developed, but there are a few options

When offline IDs get used for locking files, Emsisoft can offer the DJVU decryption tool that can repair encoded data

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Alka and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

Removal guides in other languages

Your opinion regarding Alka ransomware