Aleta Ransomware – Remove and Decrypt Files for Free - How to, Technology and PC Security Forum | SensorsTechForum.com

Aleta Ransomware – Remove and Decrypt Files for Free

This article has been created to help you remove Aleta BTCWare ransomware from your computer and restore .aleta encrypted files.

A new version of BTCWare ransomware has come out, following the .MASTER variant. It now calls itself Aleta ransomware and encrypts the files on compromised computers, appending the .aleta file extension as a suffix. The ransomware then notifies the victim in several ways that he or she must pay a ransom in BTC to get the files back. The virus also leaves behind the [email protected] e-mail for contact. If your computer has been infected by this ransomware virus, we recommend that you read this article to learn how to remove it and decrypt your files for free.

Threat Summary

Name: Aleta
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the infected computer using the AES cipher, after which it asks for a payment in BitCoin.
Symptoms: A black-green wallpaper, starting with “ALETA RANSOMWARE”. Files encrypted with the .aleta file extension. A ransom note, named #_READ_ME_#.inf.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Aleta Ransomware – Activity Report

The ransomware, dubbed Aleta because of the green-black wallpaper which it uses, can slither onto your computer via spammed e-mails. Such e-mails often carry attachments that can infect your computer with the aid of various exploits, web-injectors, fake updates, and repacked or infected program installers. These malicious objects can also be encountered elsewhere online, such as on torrent websites and suspicious software distribution sites.

When the victim opens the malicious object, the virus begins to run multiple processes through Windows Command Prompt in order to remain hidden from antivirus programs. Once the infection takes place, the virus immediately drops its malicious files on the compromised computer. They are configured to delete the shadow volume copies on the infected machine via the vssadmin command in Windows Command Prompt.
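Shadow-copy deletion through vssadmin shows up in process-creation logs. The following is an added detection example, not part of the original article: the event records are constructed (loosely shaped like Sysmon Event ID 1), and because the article does not show the exact command line, the match relies on vssadmin's documented "delete shadows" subcommand and its /all and /quiet switches.

```python
import re

# Constructed process-creation records; not taken from the article or a real host.
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\System32\vssadmin.exe list shadows"},
    {"host": "WS-014", "parent": r"C:\Users\amy\Downloads\invoice.exe",
     "cmdline": r"cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "WS-022", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\VSSADMIN.EXE"  delete   shadows /for=C: /quiet'},
    {"host": "SRV-03", "parent": r"C:\Windows\System32\mmc.exe",
     "cmdline": r"vssadmin delete shadows /for=D: /oldest"},
]

# vssadmin (with or without .exe) followed by its "delete shadows" subcommand.
DELETE_RE = re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b(?P<args>.*)")


def normalize(cmdline):
    """Lower-case, drop double quotes and collapse whitespace runs."""
    return " ".join(cmdline.replace('"', " ").lower().split())


def find_shadow_deletions(events):
    """Return (host, severity, parent) for each event that deletes shadow copies."""
    hits = []
    for ev in events:
        m = DELETE_RE.search(normalize(ev["cmdline"]))
        if not m:
            continue
        switches = set(re.findall(r"/[a-z]+", m.group("args")))
        # /all or /quiet means bulk or unattended deletion: treat as high severity.
        severity = "high" if switches & {"/all", "/quiet"} else "review"
        hits.append((ev["host"], severity, ev["parent"]))
    return hits


if __name__ == "__main__":
    for hit in find_shadow_deletions(SAMPLE_EVENTS):
        print(hit)
```

The "review" tier keeps routine administrator clean-up (a single volume, oldest copy only) visible without paging anyone, while unattended or bulk deletion is escalated.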

After this has been performed, the ransomware virus drops its ransom note, named #_READ_ME_#.inf, which has the following message to victims:

[WHAT HAPPENED] Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: [email protected]
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE] Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS] The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
https://localbitcoins.com/buy_bitcoins
[ATTENTION] Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours – your key has been deleted and you cant decrypt your files
Your ID:

In addition to this, the Aleta ransomware also changes the wallpaper of the infected computer by utilizing various commands.

For its encryption process, the Aleta variant of BTCWare ransomware uses the AES algorithm. This cipher has been utilized by the malware with the one and only purpose of rendering the files on the infected computer no longer openable. The virus then sets the .aleta file extension on the encrypted files as a suffix along with the cyber-criminals’ e-mail.
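Before removal or decryption it helps to know how much was hit. The following added example (not from the original article) inventories a directory tree for .aleta files and #_READ_ME_#.inf notes and recovers each original file name; it assumes the contact e-mail sits in square brackets before the extension, which the article does not spell out, and it runs against a constructed tree of empty files with a placeholder address.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "#_READ_ME_#.inf"   # ransom note name, from the article
# Assumption: contact e-mail in square brackets before the extension
# (name.ext.[contact].aleta); the article only says it is appended.
NAME_RE = re.compile(
    r"^(?P<orig>.+?)(?:\.\[(?P<contact>[^\]]*)\])?\.aleta$", re.IGNORECASE)


def inventory(root):
    """Walk root; list encrypted files with their recovered original names."""
    report = {"encrypted": [], "notes": [], "by_dir": Counter(),
              "orig_ext": Counter(), "contacts": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(full)
                continue
            m = NAME_RE.match(name)
            if not m:
                continue
            orig = m.group("orig")
            report["encrypted"].append((full, orig))
            report["by_dir"][os.path.relpath(dirpath, root)] += 1
            report["orig_ext"][os.path.splitext(orig)[1].lower()] += 1
            if m.group("contact"):
                report["contacts"].add(m.group("contact"))
    return report


def demo():
    """Build a constructed tree of empty files and inventory it."""
    sample = [  # constructed names; placeholder contact address
        "docs/report.docx.[contact@example.invalid].aleta",
        "docs/budget.xlsx.[contact@example.invalid].aleta",
        "docs/#_READ_ME_#.inf",
        "pics/photo.JPG.aleta",
        "pics/untouched.png",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return inventory(root)


if __name__ == "__main__":
    r = demo()
    print(len(r["encrypted"]), "encrypted,", len(r["notes"]), "notes", dict(r["by_dir"]))
```

The per-directory and per-extension counts give a scope estimate and a checklist to verify against once files have been restored.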

Although the cyber-criminals behind the Aleta ransomware infection have made efforts to scare victims into paying the ransom, security experts have managed to create a decryptor for the ransomware infection. We have created instructions on how the decrypter works below and, if you are a victim of the Aleta ransomware virus, we recommend that you read them carefully.

Remove Aleta Ransomware from Your Computer

For the effective removal of the Aleta threat, you must isolate the virus in Safe Mode first. Then, we recommend removing it with the aid of an advanced anti-malware tool, which can be installed in regular Windows mode beforehand. Such a tool will not only fully, safely and easily remove Aleta’s virus files from your computer but will also protect your PC from future attacks.

Manually delete Aleta from your computer

Note! Important notice about the Aleta threat: Manual removal of Aleta requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Aleta files and objects
2. Find malicious files created by Aleta on your PC

Automatically remove Aleta by downloading an advanced anti-malware program

1. Remove Aleta with SpyHunter Anti-Malware Tool and back up your data

Decrypt Files Encrypted by Aleta BTCWare Ransomware for Free

After removing the threat, all that is left is to decode the encrypted files. To perform this, follow these instructions:

In order to decrypt your files, first you should download the decrypter for BTCWare (Aleta is a BTCWare variant) by Michael Gillespie which contains the master decryption key:

Download: BTCWare Decrypter

After saving the decrypter for Aleta ransomware, disable your antivirus so it won’t block it. Then copy the decrypter to a location where it can be easily found and open it.

After extracting the decrypter, start it and click on the “Select Directory” button after which navigate to a directory you wish to decrypt. Then simply decode the files in the directory by clicking on the “Decrypt” button:

Repeat this for the other directories you want to decrypt.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.


3 Comments

  1. Michael Painter

    The only problem is that this decryptor doesn’t yet work on the Aleta variant.

  2. Josy Oliveira

    Why doesn’t the Decrypt button activate?

  3. Bruce

    And it will probably never work, because Aleta was programmed with a 1024-bit RSA key, so its encryption method is too robust to be decrypted.

