CryptoViki Ransomware
Posted: May 16, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | May 16, 2017 |
| Last Seen: | July 23, 2019 |
| OS(es) Affected: | Windows |
The CryptoViki Ransomware is a Trojan that blocks your files by encrypting them for the sake of selling its decryptor afterward. Buying a con artist's decryption help is an unreliable means of recovering your data, and most users should keep backups that give them free options for restoring any damaged files. A majority of professional anti-malware programs can also delete the CryptoViki Ransomware and block the encryption routine.
Two-Tongued Trojans for Twice the Profits
Formerly a favored base of operations for threat actors only interested in targeting other nations, Russia is no longer the haven it once was and is seeing more Trojan campaigns spreading inside its borders. These attacks include file-encryption-based extortion, as malware experts confirm with threats like the CryptoViki Ransomware. Its mode of communication also leaves options open for compromising data elsewhere in the world, which makes the CryptoViki Ransomware a potentially geographically wide-ranging security issue.
The CryptoViki Ransomware has no relatives of note and isn't a member of pre-established families like Hidden Tear or the Crysis Ransomware. Its model for installation onto other PCs is, likewise, still undetermined, although malware experts recommend examining unexpected e-mail attachments in particular for possible Trojan droppers. The CryptoViki Ransomware's current payload includes the following:
- The CryptoViki Ransomware encrypts formats including Excel spreadsheets and Adobe PDF documents, among others. Although the encryption isn't, in theory, irreversible, it does stop any encoded files from opening until the user restores them with a decryption program using the matching key.
- Every file fitting the above description is recognizable through the '.viki' extensions the CryptoViki Ransomware appends to their names. The new extensions don't erase the old ones (for example, one file could appear as 'document.pdf.viki').
- The CryptoViki Ransomware replaces the desktop wallpaper with a picture serving only to redirect the victim to its 'readme' ransoming message.
- That second file, in Notepad format, contains instructions both in Russian and English for ransoming your media. The threat actor is only asking that victims contact his e-mail address, although similar attacks usually end in demands for money, particularly Bitcoins.
Keeping Your Computer from Going Multi-National
File-encrypting payloads have the greatest capacity for damage to victims who don't back up their data to places that the Trojan can't target, such as USB devices or third-party storage servers. If you don't have additional copies of your files to overwrite the blocked ones, malware experts encourage contacting appropriate anti-malware specialists to determine your chances of free decryption. As a new threat without connections to old Trojans, the CryptoViki Ransomware's current decryption possibilities are unknown.
Infection methods traditional to threats like the CryptoViki Ransomware encompass e-mail attachments, script vulnerabilities on hostile websites, and brute-force attacks. Of these three strategies, the last is the only tactic that isn't directly preventable through appropriate anti-malware protection. Con artists may also introduce the CryptoViki Ransomware with the additional help of another Trojan, which makes full system scans with good security products an integral part of comprehensively removing CryptoViki Ransomware infections.
As the world's interconnected economy becomes even more so, misdeeds also are finding new ways to move across borders. For the average PC owner, that means that their files aren't safe from attacks like the CryptoViki Ransomware's campaign, no matter where they live or work.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 73.72 KB (73728 bytes)
MD5: 696452bdc9b90e64b76b69ef02ad5afb
Detection count: 37
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 16, 2017
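For responders scoping an incident, the indicators above (the appended '.viki' extension that leaves the original extension in place, and the MD5 listed for file.exe) can be swept for in one pass. The following is an added example, not code from this page or its publisher; the function names and the sample directory tree are constructed for illustration, and only the extension and the MD5 value come from the write-up.

```python
import hashlib
import os
import tempfile
from collections import Counter

RANSOM_EXT = ".viki"  # extension the write-up says is appended
FILE_EXE_MD5 = "696452bdc9b90e64b76b69ef02ad5afb"  # MD5 this page lists for file.exe


def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large binaries are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Return (renamed, by_type, hash_hits) for every file under root."""
    renamed, by_type, hash_hits = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(RANSOM_EXT) and len(name) > len(RANSOM_EXT):
                original = name[: -len(RANSOM_EXT)]  # document.pdf.viki -> document.pdf
                renamed.append((path, original))
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            elif lower.endswith(".exe"):
                try:
                    if md5_of(path) == FILE_EXE_MD5:
                        hash_hits.append(path)
                except OSError:
                    continue  # locked or unreadable: skip, do not abort the sweep
    return renamed, by_type, hash_hits


def demo():
    """Run triage over a constructed tree; names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("document.pdf.viki", "budget.xlsx.viki", "notes.txt", "setup.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample content")
        renamed, by_type, hits = triage(root)
        return sorted(orig for _path, orig in renamed), dict(by_type), hits


if __name__ == "__main__":
    print(demo())
```

The per-type counts show which backups need to be pulled, and the recovered original names can be matched against a backup catalogue. A single MD5 only identifies the exact sample listed here, so an empty hash result does not clear a host.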