The developer of Master ransomware leaks private keys before launching Aleta ransomware campaign
Master ransomware is a version of BTCWare virus. The ransomware has compromised thousands of computers worldwide, taking data stored on them, hostage. This version of the ransomware used to create !#_RESTORE_FILES_#!.inf files as ransom notes and demand a ransom in Bitcoins. Master virus always appended a particular file extension to files that consisted of criminals’ email address and the aforementioned extension, giving a final result of .[email].master.
The developer of the ransomware mysteriously emerged in online forums and on June 30th posted an announcement that within 5 days Master’s decryption keys will be published. Although some did not believe in such words and thought that the message was fake, the private keys were actually leaked.
It is believed that the developer of the ransomware leaked the keys because he was planning to release an updated version, which turned out to be Aleta ransomware. The new virus drops !#_READ_ME_#!.inf ransom note and demands 2 Bitcoins in exchange for a decryption tool. It also marks each file with .[[email protected]].aleta extension.
A free Master decryption software is available
Using the leaked keys, a security researcher Michael Gillespie updated Master Decryptor, making it capable of decrypting BTCWare versions using these extensions on encrypted data:
- .btcware;
- .onyon;
- .master;
- .theva;
- .cryptobyte;
- .cryptowin;
- .xfile.
However, the researcher points out that the ransomware contains a bug that prevents some files from being decrypted successfully. It appears that files smaller than 10MB will contain 16b of junk added to their decrypted versions. However, files larger than that will be successfully decrypted. To remove Master virus and decrypt your files, follow instructions provided on 2-Spyware site.
Reasons not to pay the ransom
If your computer was affected by Aleta or any other BTCWare version, we suggest staying patient. So far, many victims managed to recover their files without paying, although they had to wait for the free decryption tools. However, we believe that it is worth waiting, especially when the cyber frauds ask for such an enormous ransom larger than 5000 USD.
For data recovery solutions and virus removal guidelines, we suggest visiting NoVirus web page. You can find a lot of great cyber security related tips here.