
Aleta Ransomware

Posted: July 4, 2017

Threat Metric

Ranking: 17,389
Threat Level: 10/10
Infected PCs: 220
First Seen: July 4, 2017
Last Seen: August 9, 2023
OS(es) Affected: Windows

The Aleta Ransomware is an updated version of the BTCWare Ransomware, released after encryption information about the previous branch of the family was made public. This new version of the Trojan currently can't be decoded for free and will keep your files locked until you pay a ransom for them. Use externally stored backups to keep your content safe from Trojans of this type, and anti-malware products to uninstall the Aleta Ransomware after an attack.

Making Money from Remote Desktop Extortion

As of the first week of July, RDP vulnerabilities, which have always been prominent in the distribution side of Trojan campaigns, are becoming even more favored in newer attacks. Both independent threats like the Lalabitch Ransomware and the youngest member of the BTCWare Ransomware family, the Aleta Ransomware, abuse Remote Desktop features to compromise business and home systems. Unfortunately, malware experts also can confirm that the Aleta Ransomware includes a modified encryption algorithm, which prevents any old keys from unlocking your files.

Con artists install this latest threat after compromising arbitrary servers through brute-force attacks or other strategies, such as phishing, that give them access to network logins. When launched, the Aleta Ransomware conducts several attacks typical of its family and of similar ones. All of these activities run in background processes with no UI, and include:

  • The Aleta Ransomware deletes Shadow Volume Copy (SVC) backups that the victim could use to recover anything it blocks.
  • The Aleta Ransomware locks media such as movies, pictures or documents with a standard data-enciphering algorithm. These files also receive appended extensions showing the threat actor's e-mail address and the '.aleta' string.
  • The Aleta Ransomware issues CMD-based commands that disable the Windows data recovery and system repair features.
  • Last, the Trojan appears to use both an image-based and a text-based ransom message. The details follow many of the previous traditions in this form of extortion, as per malware experts' last analyses of the BTCWare Ransomware family, including a time limit, a 'free trial' of the decryptor, and a ransom transaction conducted in the Bitcoin cryptocurrency.
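As an added illustration (not from the original page or its author), the following triage script flags the two traces described above on constructed input: the renamed files and the process-creation events that remove shadow copies or disable recovery. The '<name>.[<e-mail>].aleta' layout, the placeholder e-mail address, and the specific vssadmin/bcdedit/wbadmin/wmic command lines are assumptions; the page itself names no commands.

```python
import re

# Constructed directory listing after an Aleta-style attack. The
# "<name>.[<e-mail>].aleta" layout is an assumption drawn from the page's
# description; the e-mail address is a placeholder.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\budget.xlsx.[attacker@example.com].aleta",
    r"C:\Users\alice\Pictures\holiday.jpg.[attacker@example.com].aleta",
    r"C:\Users\alice\Documents\notes.txt",
    r"\\nas01\share\video.mp4.[attacker@example.com].aleta",
]

# Constructed Sysmon-style process-creation lines. The commands are the ones a
# defender would expect for shadow-copy deletion and recovery tampering
# (an assumption; the page does not list the exact commands).
SAMPLE_LOGS = [
    'EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet"',
    'EventID=1 Image=C:\\Windows\\System32\\bcdedit.exe CommandLine="bcdedit /set {default} recoveryenabled no"',
    'EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe README.txt"',
]

# Original name, bracketed e-mail, then the '.aleta' marker at the very end.
ALETA_NAME = re.compile(r"^(?P<orig>.+)\.\[(?P<email>[^\]\\]+@[^\]\\]+)\]\.aleta$", re.IGNORECASE)
# Command lines that destroy shadow copies or turn off Windows recovery.
RECOVERY_TAMPER = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|"
    r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no|wbadmin(\.exe)?\s+delete\s+catalog",
    re.IGNORECASE,
)


def find_encrypted_files(paths):
    """Return (path, original name, e-mail) for each file in the Aleta naming layout."""
    hits = []
    for p in paths:
        m = ALETA_NAME.match(p.rsplit("\\", 1)[-1])  # match on the file name only
        if m:
            hits.append((p, m.group("orig"), m.group("email")))
    return hits


def find_recovery_tampering(lines):
    """Return log lines whose command line deletes shadow copies or disables recovery."""
    return [ln for ln in lines if RECOVERY_TAMPER.search(ln)]


def triage(paths, lines):
    """Summarise scope: encrypted count, contact addresses, UNC (network share) hits, tamper events."""
    files = find_encrypted_files(paths)
    network = [p for p, _, _ in files if p.startswith("\\\\")]
    return {"encrypted": len(files), "emails": sorted({e for _, _, e in files}),
            "network_shares_hit": len(network), "tamper_events": len(find_recovery_tampering(lines))}
```

The e-mail pulled from the extension identifies the campaign variant, and a non-zero count of network-share hits is the cue to isolate mapped storage before restoring.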

Impoverishing the Next Member of a Trojan Family

Although early samples were at first presumed to be a new version of the Amnesia Ransomware, the Aleta Ransomware is now verifiable as an update to the BTCWare Ransomware, with a new name and encryption cipher that keep any files it locks from being salvageable by public methods. Along with eliminating local backups, the Aleta Ransomware also targets network-accessible storage devices for encryption. Malware experts suggest detaching any essential backup devices when they're not in use and password-protecting your network data storage.

Acquiring help from the Aleta Ransomware's threat actor is the only known way to reverse its encoding attack. You can prevent infections, and the need to resort to potentially useless Bitcoin payments, by monitoring your network settings, using good password habits, closing vulnerable ports, and checking your RDP settings for tampering. Remote attackers also may install other threats in addition to the Aleta Ransomware, and victims always should use thorough anti-malware scans to delete the Aleta Ransomware.

The BTCWare Ransomware's admins are busy at work on the next generation of their 'product.' Whether the Aleta Ransomware manages to be as successful as its ancestors, however, remains up to the PC owners it attacks.
