Fabio Sajoratto 0 Report post Posted July 14, 2017 I need help finding a program that decrypts the files that were infected by this virus on my server. Quote Share this post Link to post Share on other sites
quietman7 1 Report post Posted July 15, 2017 .aleta is based on the latest version AES-256 version of the BTCWare Ransomware family which use a different RSA-1024 key and is not decryptable. If possible, your best option is to restore from backups. Other possible options include using native Windows Previous Versions or programs like Shadow Explorer and ShadowCopyView if the malware did not delete all shadow copy snapshots as it typically does or the encrypted process was interrupted. It never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for these infections to sometimes fail to delete the Shadow Volume Copies. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work either...again, it never hurts to try. Quote Share this post Link to post Share on other sites
Sarah W 26 Report post Posted July 15, 2017 Hi Fabio Sajoratto, Another thing to note is that the criminals hack in via RDP which has weak passwords, so if you can disable RDP then please do so otherwise change the passwords to something more secure. Also, please install all critical windows updates. Regards, Sarah Quote Share this post Link to post Share on other sites
