25 July 2017

Malware alert! Beware of the BTCWare Aleta Ransomware

Written by Rajib Singha

Quick Heal Security Labs has observed a new variant of the BTCWare ransomware family (first seen at the beginning of 2017) called ‘Aleta’. The name comes from the “.aleta” extension it appends to every file it encrypts on an infected computer. BTCWare variants do not appear to use any exploit or worm-like spreading technique of the kind WannaCry or NotPetya did; instead, the operators brute-force RDP (Remote Desktop) credentials to gain access to the target system.

Read more on how RDP is exploited by attackers to spread ransomware and other malware.
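Because the entry vector here is credential guessing over RDP rather than an exploit, the event to hunt for is a burst of failed RemoteInteractive logons from one source, followed by a success. The detector below is an added example, not code from this post or from Quick Heal; it assumes the Windows Security log has been exported as one line per event with the fields "timestamp,event_id,logon_type,account,source_ip" (a real wevtutil or SIEM export needs its own field mapping), and the sample events are constructed. Event IDs 4625/4624 and logon type 10 are the standard Windows values for failed logon, successful logon and RDP logons.

```python
"""Flag RDP brute-force activity in Windows Security log exports.

Added example; not code from the Seqrite/Quick Heal post. Assumes an export
with one event per line: timestamp,event_id,logon_type,account,source_ip.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

EVENT_LOGON_FAILED = 4625   # "An account failed to log on"
EVENT_LOGON_SUCCESS = 4624  # "An account was successfully logged on"
LOGON_TYPE_RDP = 10         # RemoteInteractive (Terminal Services / RDP)

# Constructed sample events (not real log data): a credential-guessing burst
# from 203.0.113.45 that ends in a successful Administrator logon, and one
# benign user who mistyped a password once.
SAMPLE_EVENTS = """\
2017-07-24T02:14:01,4625,10,administrator,203.0.113.45
2017-07-24T02:14:03,4625,10,admin,203.0.113.45
2017-07-24T02:14:05,4625,10,Administrator,203.0.113.45
2017-07-24T02:14:06,4625,10,backup,203.0.113.45
2017-07-24T02:14:08,4625,10,scanner,203.0.113.45
2017-07-24T02:14:09,4625,10,sysadmin,203.0.113.45
2017-07-24T02:14:11,4624,10,Administrator,203.0.113.45
2017-07-24T09:00:12,4625,10,jsmith,192.0.2.10
2017-07-24T09:00:40,4624,10,jsmith,192.0.2.10
2017-07-24T09:05:00,4625,2,jsmith,-
"""


def parse_events(text):
    """Parse the export format described above into a list of dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, account, source_ip = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "source_ip": source_ip,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produced at least `threshold`
    failed RDP logons inside a sliding `window`, and mark the alert if the
    same IP later logged on successfully (the sign the guessing worked)."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    tried = defaultdict(set)      # source_ip -> account names attempted
    alerts = {}                   # source_ip -> alert dict
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["logon_type"] != LOGON_TYPE_RDP:
            continue              # only RemoteInteractive logons matter here
        ip = e["source_ip"]
        if e["event_id"] == EVENT_LOGON_FAILED:
            q = recent[ip]
            q.append(e["ts"])
            tried[ip].add(e["account"])
            while q and e["ts"] - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {
                    "source_ip": ip,
                    "first_failure": q[0],
                    "success_after": False,
                    "compromised_account": None,
                })
                alert["failures"] = len(q)
                alert["accounts"] = sorted(tried[ip])
                alert["last_failure"] = e["ts"]
        elif e["event_id"] == EVENT_LOGON_SUCCESS and ip in alerts:
            # A success right after a burst of failures: treat as compromise.
            alerts[ip]["success_after"] = True
            alerts[ip]["compromised_account"] = e["account"]
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        status = ("LOGON SUCCEEDED as %s" % a["compromised_account"]
                  if a["success_after"] else "no success seen")
        print("%s: %d RDP failures, accounts %s, %s"
              % (a["source_ip"], a["failures"], a["accounts"], status))
```

The threshold and window are deliberately low so the sample triggers; on a production host tune them to the normal failure rate, and treat any alert whose `success_after` flag is set as an incident rather than noise, since that is exactly the sequence that precedes a hands-on ransomware deployment.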

BTCWare Aleta encrypts files with AES-256. A useful IOC (indicator of compromise) is the email address the ransom note tells victims to contact for the decryption key: black.mirror@qq.com. The same address has previously been reported in connection with other Amnesia and BTCWare variants. Besides RDP, the ransomware is also delivered through spam emails carrying malicious attachments (scripts, Office documents, and executables).
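The two indicators above, the “.aleta” suffix and the contact address, are enough to sweep a file server or a mounted disk image for signs of this variant. The script below is an added example, not code from this post or from Quick Heal; it uses only those two indicators, and the file names in its constructed sample tree, including the ransom note name, are placeholders rather than the names the malware actually writes.

```python
"""Sweep a directory tree for BTCWare 'Aleta' indicators.

Added example; not code from the Seqrite/Quick Heal post. Uses only the two
IOCs the post gives: the ".aleta" extension on encrypted files and the
contact address black.mirror@qq.com in the ransom note. Sample file names
below are placeholders.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".aleta"
RANSOM_CONTACT = b"black.mirror@qq.com"
MAX_NOTE_BYTES = 64 * 1024   # ransom notes are small; skip large files entirely


def sweep(root):
    """Walk `root` and report encrypted files, ransom-note candidates and the
    directories that contain either. Encrypted files are never opened."""
    root = Path(root)
    encrypted, notes, hit_dirs = [], [], set()
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root).as_posix()
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
                hit_dirs.add(rel_dir)
                continue
            try:
                if path.stat().st_size > MAX_NOTE_BYTES:
                    continue
                data = path.read_bytes()
            except OSError:
                continue             # unreadable file: cannot be classified
            if RANSOM_CONTACT in data.lower():
                notes.append(rel)
                hit_dirs.add(rel_dir)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "hit_dirs": sorted(hit_dirs),
        "infected": bool(encrypted or notes),
    }


def build_sample_tree():
    """Create a constructed tree for a dry run: two 'encrypted' files with
    random content, a placeholder ransom note, and one untouched file."""
    root = Path(tempfile.mkdtemp(prefix="aleta-sweep-"))
    (root / "docs").mkdir()
    (root / "docs" / "report.docx.aleta").write_bytes(os.urandom(256))
    (root / "docs" / "budget.xlsx.aleta").write_bytes(os.urandom(256))
    (root / "docs" / "HOW_TO_DECRYPT.txt").write_text(
        "Your files are encrypted. Contact black.mirror@qq.com for the key.\n")
    (root / "photos").mkdir()
    (root / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)
    return root


if __name__ == "__main__":
    result = sweep(build_sample_tree())
    print("infected:", result["infected"])
    for key in ("encrypted", "notes", "hit_dirs"):
        print("%s: %s" % (key, ", ".join(result[key]) or "-"))
```

Run it against a read-only mount of the suspect volume rather than the live system, and use the `hit_dirs` list to decide which shares to take offline first; a share with encrypted files but no note was typically still being encrypted when the process was interrupted.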

Ransom note

Seqrite Endpoint Protection against BTCWare (Aleta) Ransomware

Fig 1. Seqrite Endpoint Security IDS/IPS Protection

Fig 2. Seqrite Endpoint Security Signature Detection

Fig 3. Seqrite Endpoint Security Virus Protection (Script File)

Fig 4. Seqrite Endpoint Security Advanced Behavior Detection System

Stay away from ransomware with these security tips

  1. Back up your files regularly. Ransomware goes after your files when it infects a computer; if you hold a backup of everything important, there is no reason to give in to its demands. Disconnect from the Internet while backing up to an external hard drive, and unplug the drive before you go online again. Several free and paid cloud backup services can also take backups on a schedule.
  2. Grant read/write access to network shares only when required. Avoid open shares: if a ransomware infection occurs, they are likely to be encrypted as well.
  3. Use strong login credentials for both user and administrator accounts. Weak credentials can be brute-forced to gain system access.
  4. Use a security solution that gives multilayered protection against infected emails and malicious websites and stops infections that spread through USB drives. Keep the software up to date.
  5. Apply recommended security updates for the operating system and all other programs such as Adobe products, Java, and web browsers.
  6. Do not click on links or download attachments from emails that arrive from unwanted or unexpected sources. Even if such an email seems to come from a known source, call the sender and verify it first.

Acknowledgement

Subject Matter Expert

– Shantanu Vichare | Quick Heal Security Labs

