Aleta Ransomware – Remove and Decrypt Files for Free

This article has been created to help you remove Aleta BTCWare ransomware from your computer and restore .aleta encrypted files.

A new version of BTCWare ransomware has come out, following the .MASTER variant. It now calls itself Aleta ransomware and encrypts the files on compromised computers, appending the .aleta file extension as a suffix. The infection then notifies the victim in several ways that he or she must pay a ransom in BTC to get the files back. The virus also leaves behind an e-mail address for contact. If your computer has been infected by this ransomware, we recommend that you read this article and learn how to remove it and decrypt your files for free.

Threat Summary

Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the infected computer using the AES cipher, after which it asks for a payment in BitCoin.
Symptoms: A black-green wallpaper, starting with “ALETA RANSOMWARE”. Files encrypted with the .aleta file extension. A ransom note, named #_READ_ME_#.inf.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Aleta Ransomware – Activity Report

The ransomware, dubbed Aleta because of the green-black wallpaper which it uses, can slither onto your computer via spammed e-mails. Such e-mails often carry attachments that can infect your computer with the aid of various exploits, web injectors, fake updates, and repacked and infected program installers. These malicious objects can also be found elsewhere online, such as on torrent websites and suspicious software distribution sites.

When the victim opens the malicious object, the virus begins to insert multiple processes in Windows Command Prompt in order to remain obfuscated from antivirus programs. When an infection takes place, the virus immediately begins to drop its malicious files on the compromised computer. They are configured to delete the shadow volume copies on the infected machine via the vssadmin command in Windows Command Prompt:

After this has been performed, the ransomware virus drops its ransom note, named #_READ_ME_#.inf, which has the following message to victims:

[WHAT HAPPENED] Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail:
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE] Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS] The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
[ATTENTION] Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours – your key has been deleted and you cant decrypt your files
Your ID:

In addition to this, the Aleta ransomware also changes the wallpaper of the infected computer by utilizing various commands.

For its encryption process, the Aleta variant of BTCWare ransomware uses the AES algorithm. The malware uses this cipher for the sole purpose of making the files on the infected computer impossible to open. The virus then sets the .aleta file extension on the encrypted files as a suffix, along with the cyber-criminals’ e-mail.
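To scope how far the encryption reached, the two file indicators described above (the .aleta suffix and the #_READ_ME_#.inf note) can be inventoried by name alone, without opening or modifying any file. The following is an added example, not code from the original article or from any decryptor; the function names, the sample folder layout and the bracketed contact address in the sample file names are constructed placeholders.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".aleta"       # extension named in the article
RANSOM_NOTE = "#_read_me_#.inf"   # note name from the article, lower-cased


def scan_tree(root):
    """Inventory Aleta indicators under root by file name only (read-only)."""
    encrypted, notes, clean, by_dir = [], [], 0, Counter()
    for dirpath, _dirs, files in os.walk(str(root)):
        for name in files:
            lowered = name.lower()   # Windows file names are case-insensitive
            if lowered.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(os.path.join(dirpath, name))
                by_dir[dirpath] += 1
            elif lowered == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            else:
                clean += 1
    total = len(encrypted) + clean
    return {
        "encrypted_files": encrypted,
        "ransom_notes": notes,
        "encrypted_ratio": round(len(encrypted) / total, 2) if total else 0.0,
        "worst_dirs": by_dir.most_common(3),   # folders with most hits
    }


def build_sample_tree(base):
    """Constructed sample data; the bracketed address is a placeholder."""
    layout = {
        "Documents": ["report.docx.[contact@example.invalid].aleta",
                      "budget.xlsx.[contact@example.invalid].aleta",
                      "#_READ_ME_#.inf"],
        "Pictures": ["photo.jpg.[contact@example.invalid].aleta",
                     "untouched.png", "#_READ_ME_#.inf"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder), exist_ok=True)
        for name in names:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(len(result["encrypted_files"]), "encrypted,",
              len(result["ransom_notes"]), "notes,",
              "ratio", result["encrypted_ratio"])
```

Run against a mounted copy or a read-only share of the affected disk, the encrypted file list also serves as the input set for a later decryption or backup-restore pass.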

Although the cyber-criminals behind the Aleta ransomware infection have made efforts to scare victims into paying the ransom, security experts have managed to create a decryptor for the ransomware. We have created instructions on how the decryptor works below, and if you are a victim of the Aleta ransomware virus, we recommend that you read them carefully.

Remove Aleta Ransomware from Your Computer

For the effective removal of the Aleta threat, you must first isolate the virus in Safe Mode. Then, we recommend removing it with the aid of an advanced anti-malware tool, which can be installed in regular Windows mode beforehand. Such a tool will not only fully, safely and easily remove Aleta’s virus files from your computer but will also protect your PC from future attacks.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.


  1. Michael Painter

    The only problem is that this decryptor doesn’t yet work on the Aleta variant.

  2. Josy Oliveira

    Why doesn’t the Decrypt button activate?

  3. Bruce

    And it will probably never work, because Aleta was programmed with a 1024-bit RSA key, so its encryption method is too robust to be decrypted.

