Aleta Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 14,658
Threat Level: 100 % (High)
Infected Computers: 94
First Seen: July 4, 2017
Last Seen: August 9, 2023
OS(es) Affected: Windows

The Aleta Ransomware is an encryption ransomware Trojan used to attack computers running the Windows operating system. The Aleta Ransomware may be delivered through spam email messages that carry a malicious file attachment, often a file containing scripts or macros that download and install the Aleta Ransomware on the victim's computer. The Aleta Ransomware is one of the many variants in the BTCWare family, a known ransomware family that has been active for some time. Files encrypted by the Aleta Ransomware are easy to recognize because the Aleta Ransomware adds the file extension '.aleta' to the end of each affected file's name. Like other ransomware Trojans, the Aleta Ransomware is designed to encrypt the victim's files using a blend of the AES and RSA encryption algorithms, then demand payment of a ransom to restore access to the affected files.

Your Desktop Image will be Changed to Accommodate a Ransom Note

The Aleta Ransomware uses a strong encryption algorithm, so the affected files become inaccessible once they have been encrypted. The Aleta Ransomware changes the affected files' names by adding the following string to the end of each file name as an extension:

[email address].aleta

Two email addresses are associated with the Aleta Ransomware attacks: 'black.mirror@qq.com' and 'darkwaiderr@cock.li'. Once a file has been encrypted and renamed, it can no longer be opened, and it shows up as a blank icon in Windows Explorer. The Aleta Ransomware drops a ransom note, in a file named '!#_READ_ME_#!.inf', on the infected computer's desktop. The Aleta Ransomware also changes the infected computer's desktop image to a black screen with green text. Similar texts are displayed in the ransom note file and in the desktop message. The Aleta Ransomware's ransom note reads as follows:

'[WHAT HAPPENED]
Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: black.mirror@qq.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS]
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
https://localbitcoins.com/buy_bitcoins
[ATTENTION]
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours - your key has been deleted and you cant decrypt your files
Your ID:
bv/T6B2J***'

and

'Aleta Ransomware
Your important files produced on this computer have been encrypted!
The only way to decrypt your files is to receive the private-key and decryption program.
To receive the private-key and decryption program write us to the e-mail: darkwaiderr@cock.li and attach your ID
You can find it in READ_ME file
ATTENTION!
If you not write on e-mail in 36 hours your key has been deleted and you cant decrypt your files'

Dealing with an Aleta Ransomware Infection

Computer users are counseled to refrain from contacting the email accounts associated with the Aleta Ransomware attack. Instead, the Aleta Ransomware should be removed immediately with the help of a reliable, fully updated anti-malware application. The files encrypted by the Aleta Ransomware attack will not be recoverable, so computer users will be forced to restore the affected files from a backup copy. In fact, file backups are the best protection against attacks like the Aleta Ransomware, since the people responsible for the attack lose any leverage over the victim if the computer user can recover the files from a backup copy.
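
The renaming pattern and ransom note file name described above can be used to inventory what has to be restored from backup. The following Python sketch is an added example, not code from the original article or from any security vendor; it assumes the contact address may appear with or without literal square brackets, and the sample file names in demo() are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators quoted in the article above.
CONTACTS = ("black.mirror@qq.com", "darkwaiderr@cock.li")
NOTE_NAME = "!#_READ_ME_#!.inf"
# Assumption: the address may or may not sit inside literal square brackets.
RENAMED = re.compile(
    r"^(?P<orig>.+)\.\[?(?P<contact>%s)\]?\.aleta$"
    % "|".join(re.escape(c) for c in CONTACTS), re.IGNORECASE)

def classify(name):
    """Return (kind, original_name, contact) for a single file name."""
    if name.lower() == NOTE_NAME.lower():
        return ("note", None, None)
    m = RENAMED.match(name)
    if m:
        return ("encrypted", m.group("orig"), m.group("contact").lower())
    if name.lower().endswith(".aleta"):
        return ("encrypted", None, None)  # .aleta suffix, address not listed above
    return ("clean", name, None)

def scan(root):
    """Walk root and tally ransom notes, renamed files, contacts and lost file types."""
    report = {"notes": [], "encrypted": [], "contacts": Counter(), "types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind, orig, contact = classify(name)
            if kind == "note":
                report["notes"].append(os.path.join(dirpath, name))
            elif kind == "encrypted":
                report["encrypted"].append(os.path.join(dirpath, name))
                report["contacts"][contact or "unlisted"] += 1
                if orig:  # original extension shows which backups to restore
                    report["types"][os.path.splitext(orig)[1].lower()] += 1
    return report

def demo():
    """Build a constructed sample tree (empty files) and scan it."""
    names = ["report.docx.[black.mirror@qq.com].aleta",
             "photo.jpg.darkwaiderr@cock.li.aleta",
             "notes.txt", "old.DOCX.[other@example.com].aleta", NOTE_NAME]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Desktop"))
        for n in names:
            open(os.path.join(root, "Desktop", n), "w").close()
        return scan(root)

if __name__ == "__main__":
    r = demo()
    print(len(r["encrypted"]), "renamed files;", dict(r["contacts"]), dict(r["types"]))
```

Files that end in '.aleta' but carry an address other than the two listed in the article are counted under "unlisted" rather than ignored.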

1 Comment

Hi,

Our files are infected by Aleta & NEMESIS ransom virus. Please let me know if you can remove it and what will be the cost.

Thanks
Aman.
