Recommended Posts

.aleta is based on the latest version AES-256 version of the BTCWare Ransomware family which use a different RSA-1024 key and is not decryptable. If possible, your best option is to restore from backups.

Other possible options include using native Windows Previous Versions or programs like Shadow Explorer and ShadowCopyView if the malware did not delete all shadow copy snapshots as it typically does or the encrypted process was interrupted. It never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for these infections to sometimes fail to delete the Shadow Volume Copies. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work either...again, it never hurts to try.

Share this post


Link to post
Share on other sites

Hi Fabio Sajoratto,

Another thing to note is that the criminals hack in via RDP which has weak passwords, so if you can disable RDP then please do so otherwise change the passwords to something more secure. Also, please install all critical windows updates.

Regards,

Sarah

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.