Fabio Sajoratto, posted July 14, 2017:

I need help finding a program that decrypts the files that were infected by this virus on my server.

quietman7, posted July 15, 2017:

.aleta is based on the latest version AES-256 version of the BTCWare Ransomware family which uses a different RSA-1024 key and is not decryptable.

If possible, your best option is to restore from backups. Other possible options include using native Windows Previous Versions or programs like Shadow Explorer and ShadowCopyView if the malware did not delete all shadow copy snapshots as it typically does or the encrypted process was interrupted. It never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for these infections to sometimes fail to delete the Shadow Volume Copies.

In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work either...again, it never hurts to try.

Sarah W, posted July 15, 2017:

Hi Fabio Sajoratto,

Another thing to note is that the criminals hack in via RDP which has weak passwords, so if you can disable RDP then please do so, otherwise change the passwords to something more secure. Also, please install all critical Windows updates.

Regards,
Sarah
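
The checks suggested in the two replies above (surviving shadow copies, RDP exposure), as an added example that is not part of the original thread: a read-only PowerShell triage to run in an elevated session on the affected server. The 7-day window and the top-20 cut-off are arbitrary choices, and step 3 only returns data if logon failure auditing is enabled.

```powershell
# Added example (not from the thread): read-only triage, changes nothing.
# Run in an elevated PowerShell session on the affected server.

# 1. Shadow copies: list any snapshots the ransomware failed to delete.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue
if ($shadows) {
    $shadows | Sort-Object InstallDate |
        Select-Object InstallDate, VolumeName, DeviceObject, ID |
        Format-Table -AutoSize
} else {
    Write-Output 'No shadow copies found (deleted, or never enabled).'
}

# 2. RDP exposure: is Remote Desktop enabled, and is NLA required?
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Get-ItemProperty -Path $ts -Name fDenyTSConnections
$nla = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication
[pscustomobject]@{
    RdpEnabled  = ($rdp.fDenyTSConnections -eq 0)   # 0 = connections allowed
    NlaRequired = ($nla.UserAuthentication -eq 1)   # 1 = NLA enforced
}

# 3. Failed logons (event 4625) in the last 7 days, grouped by source address
#    and account name, to show which accounts were being guessed and from where.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named EventData fields into a hashtable.
        $fields = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            Source    = $fields['IpAddress']
            Account   = $fields['TargetUserName']
            LogonType = $fields['LogonType']
        }
    } |
    Group-Object Source, Account |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name
```

If step 1 lists snapshots, their contents can be browsed with the Previous Versions tab or the tools named in the reply above before anything else is changed on the volume.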