Infection by [[email protected]] .aleta

.aleta is based on the latest AES-256 version of the BTCWare Ransomware family, which uses a different RSA-1024 key and is not decryptable. If possible, your best option is to restore from backups.

Other possible options include using native Windows Previous Versions or programs like Shadow Explorer and ShadowCopyView, if the malware did not delete all shadow copy snapshots as it typically does or the encryption process was interrupted. It never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for these infections to sometimes fail to delete the Shadow Volume Copies. In some cases, the use of file recovery software such as R-Studio or PhotoRec may be helpful to recover some of your original files, but there is no guarantee that will work either...again, it never hurts to try.


Hi Fabio Sajoratto,

Another thing to note is that the criminals hack in via RDP which has weak passwords, so if you can disable RDP then please do so; otherwise, change the passwords to something more secure. Also, please install all critical Windows updates.
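The two checks suggested in the replies above (whether any shadow copies survived, and whether RDP is still enabled), as an added PowerShell example that is not part of the original posts. It is read-only, assumes an elevated prompt on the affected Windows machine, and the function names are hypothetical.

```powershell
# Added example (not from the thread): read-only triage, run elevated.

function Get-SurvivingShadowCopy {
    # Lists Volume Shadow Copy snapshots that still exist on this machine.
    $copies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
    foreach ($c in $copies) {
        [pscustomobject]@{
            Created      = $c.InstallDate
            Volume       = $c.VolumeName
            DeviceObject = $c.DeviceObject
        }
    }
}

function Get-RdpExposure {
    # Reads the Terminal Server settings that control inbound RDP.
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication `
                -ErrorAction SilentlyContinue).UserAuthentication
    [pscustomobject]@{
        RdpEnabled  = ($deny -eq 0)   # 0 = inbound RDP connections allowed
        NlaRequired = ($nla -eq 1)    # 1 = Network Level Authentication required
    }
}

$snapshots = @(Get-SurvivingShadowCopy)
if ($snapshots.Count -eq 0) {
    Write-Output 'No shadow copies found; Previous Versions and Shadow Explorer have nothing to restore from.'
} else {
    # Snapshots created before the infection are the ones worth browsing.
    $snapshots | Sort-Object Created | Format-Table -AutoSize
}

Get-RdpExposure | Format-List

# To disable inbound RDP, as the reply recommends (this line changes the system):
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
```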
