ViACrypt Ransomware

The ViACrypt Ransomware is an encryption Trojan that is designed to encrypt victims' files and then demand the payment of a ransom. Con artists based in Norway probably created the ViACrypt Ransomware. The attacks reported in association with the ViACrypt Ransomware have targeted computer users located in Latvia, and seemingly attacks computer users using the latest version of the Windows operating system. The ViACrypt Ransomware, like many other encryption ransomware Trojans, is distributed using corrupted email attachments, often taking the form of compromised Microsoft Word files that use bad scripts or macros to download the ViACrypt Ransomware onto the victim's computer. It is likely that the ViACrypt Ransomware will continue to expand through the Baltic region, as well as to countries such as Poland and Russia. The ViACrypt Ransomware seems to be created by independent threat creators rather than being part of a larger RaaS (Ransomware as a Service) scheme or another large ransomware family.

How the ViACrypt Ransomware may Attack a Computer

The ViACrypt Ransomware, in its attack, will run with the executable file 'crawl.exe.' The ViACrypt Ransomware, during its attacks, will encrypt the files using the RSA 1024 encryption, rather than the AES 256, which is the more common encryption algorithm used in these attacks. The ViACrypt Ransomware will communicate with its Command and Control server, which in versions of the ViACrypt Ransomware observed previously, was located on the IP address 178.62.195.209. In its communications, the ViACrypt Ransomware will relay information about the infected computer and its location. The ViACrypt Ransomware has various features in its attack that allow the ViACrypt Ransomware to evade detection from various anti-virus programs commonly used.

In its attack, the ViACrypt Ransomware will encrypt a wide variety of file types, including video, image, audio, database, eBook, text, and various other file types. The ViACrypt Ransomware also will target files with extensions generated by many commonly used programs, including Microsoft Word, Adobe Photoshop and others. The ViACrypt Ransomware will add the file extension '.via' to all the files encrypted by this attack. However, there is very little to differentiate the ViACrypt Ransomware from many other encryption ransomware Trojans that are being used to attack computers currently. The ViACrypt Ransomware will save the infected computer's encryption key in a file named 'your_encryption_public_key.rkf, ' and its ransom note is contained in a text file named 'your system has been encrypted! please read further instruction!.txt,' which contains the following ransom message:

Protecting Your Computer from a ViACrypt Ransomware Attack

PC security researchers blocked the domain that has been associated with the ViACrypt Ransomware attack, ‘sigmalab.lv,’. However, it is likely that the people responsible for the ViACrypt Ransomware attack will simply use a different domain to carry out the attacks associated with the ViACrypt Ransomware. Because of this and the proliferation of these attacks, it is important to take steps to protect your computer and data from the ViACrypt Ransomware and similar threats. The best protection against the ViACrypt Ransomware is to have file backups and an upgraded security program. Having backup copies of your files on an external memory device or the cloud means that the people responsible for the ViACrypt Ransomware attack lose any leverage that allows them to demand a ransom payment. Apart from this, a reliable security program will be capable of detecting and removing the ViACrypt Ransomware but will be of no use when it comes to recovering any files encrypted by these attacks.