• News
  • Security
  • Products
  • About Seqrite
Blogs on Information Technology, Network & Cybersecurity | Seqrite Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Ransomware • Security  /  Malware alert! Beware of the BTCWare Aleta Ransomware
Malware alert! Beware of the BTCWare Aleta Ransomware
25 July 2017

Malware alert! Beware of the BTCWare Aleta Ransomware

Written by Rajib Singha
Rajib Singha
Ransomware, Security

Quick Heal Security Labs has observed the entry of a new BTCWare ransomware (first observed at the beginning of 2017) variant called ‘Aleta’. This ransomware is called so because it appends a “.aleta” extension to files it encrypts in an infected computer. Although BTCWare ransomware variants do not seem to use any special techniques or exploits like WannaCry or NotPetya ransomware did, it uses RDP Brute-Force attacks to gain access to the infected system.

Read more on how RDP is exploited by attackers to spread ransomware and other malware.

BTCWare Aleta ransomware uses the AES256 encryption scheme. An interesting IOC (indicator of compromise) observed with the ransomware is the email ID associated with requesting the decryption key – black.mirror@qq.com. This email has been previously reported to have been associated with different variants of Amnesia & BTCWare ransomware. Spam emails with malicious attachments containing malicious script, doc, and executable files are used by this ransomware as its carrier.

Ransom note
Ransom note

Seqrite Endpoint Protection against BTCWare (Aleta) Ransomware

Fig 1. Seqrite Endpoint Security IDS/IPS Protection
Fig 1. Seqrite Endpoint Security IDS/IPS Protection

 

Fig: Seqrite Endpoint Security Signature Detection
Fig 2. Seqrite Endpoint Security Signature Detection

 

Fig 3. Seqrite Endpoint Security Virus Protection (Script File)
Fig 3. Seqrite Endpoint Security Virus Protection (Script File)

 

Fig 4. Seqrite Endpoint Security Advanced Behavior Detection System
Fig 4. Seqrite Endpoint Security Advanced Behavior Detection System

Stay away from ransomware with these security tips

  1. Back up your files on a regular basis. A ransomware goes after your files when it infects your computer. If you have a backup of all your important files, there is no reason why you should give in to the ransomware’s demands. Remember to disconnect the Internet while you are backing up on an external hard drive. Unplug the drive before you go online again. Several free and paid Cloud backup services available on the market that can take data backup periodically.
  2. Provide Read/Write privileges to network shares only when required. Try not to keep open shares as they are likely to fall prey to encryption if there is a ransomware infection.
  3. Use strong login credentials for both the user and administrator. Weak credentials can be easily brute forced to gain system access.
  4. Use a security solution that gives multilayered protection against infected emails, malicious websites, and stop infections that can spread through USB drives. Keep the software up-to-date.
  5. Apply recommended security updates for your computer’s Operating System and all other programs such as Adobe, Java, Internet Browsers, etc.
  6. Do not click on links or download attachments that arrive in emails from unwanted or unexpected sources. Even if such emails seem to be from a known source, it is better to call up the sender and verify them first.

Acknowledgement

Subject Matter Expert

– Shantanu Vichare | Quick Heal Security Labs

 Previous PostWhy Education Institutions Need Security Software?
Next Post  Security Challenges in BYOD
Rajib Singha

About Rajib Singha

Rajib is an IT security news junkie and a computer security blogger at Quick Heal. He is passionate about promoting cybersecurity awareness, content and digital...

Articles by Rajib Singha »

Related Posts

  • Ransomware Attack Over Publicly Shared SMB2 Connections and Staying Protected with Seqrite

    March 11, 2025
  • How Attackers Exploit BitLocker: Turning Legitimate Tools into Ransomware Weapons

    March 11, 2025
  • Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks

    January 31, 2025
Featured Authors
  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director of Quick Heal Technologies...

    Read more..
  • Mahua Chakrabarthy
    Mahua Chakrabarthy

    A tea connoisseur who firmly believes that life is too short for dull content....

    Read more..
Topics
apt (20) Cyber-attack (36) cyber-attacks (58) cyberattack (16) cyberattacks (13) Cybersecurity (324) cyber security (32) Cyber threat (33) cyber threats (48) Data (11) data breach (55) data breaches (28) data loss (28) data loss prevention (34) data privacy (12) data protection (25) data security (15) DLP (49) Encryption (16) endpoint security (108) Enterprise security (17) Exploit (14) firewall (11) GDPR (12) hackers (11) malware (76) malware attack (23) malware attacks (12) MDM (25) Microsoft (15) Network security (22) Patch Management (12) phishing (27) Ransomware (67) ransomware attack (30) ransomware attacks (30) ransomware protection (14) security (11) Seqrite (33) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (16) windows (11)
Loading
Resources
  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies
About Us
  • About Seqrite
  • Leadership
  • Awards & Certifications
  • Newsroom
Archives
  • By Date
  • By Category
Loading

© 2025 Quick Heal Technologies Ltd. Cookie Policies Privacy Policies