ViACrypt Ransomware
Posted: June 28, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 19 |
| First Seen: | June 28, 2017 |
| OS(es) Affected: | Windows |
The ViACrypt Ransomware is a Trojan that uses an RSA algorithm to lock your files and extort money for a promise of giving you the decryptor's pass-code. Users should disconnect from the Internet to limit this threat's communication with remote servers, and use backups to restore their locked media after disinfecting the PC. Many anti-malware products are identifying and removing the ViACrypt Ransomware successfully, although they may detect it as a version of the banking Trojan, Zusy.
The Means Via Con Artists to Turn Your Files into Their Money
Threat actors appear to be preparing to launch another data-ransoming campaign targeting specific regions of the world, such as Latvia. This newly detected threat, the ViACrypt Ransomware, uses an advanced encryption method to keep you from decoding the files it locks, includes network features for assisting the threat actors with their extortion, and has website support. Despite its fully fleshed-out payload, malware analysts estimate that this Trojan is an independent development rather than, for instance, a new version of Hidden Tear.
After compromising the PC by still-unknown means, the ViACrypt Ransomware runs an asymptomatic encryption function that locks content such as documents, pictures and other media. Malware researchers can confirm that the ViACrypt Ransomware uses RSA-1024 as part of this routine but, unlike most threats, doesn't use RSA to protect a code that it generates. Instead, the ViACrypt Ransomware applies it to the file data, making the encryption particularly difficult to decode. All of the files that the ViACrypt Ransomware locks in this manner also have '.via' extensions appended after their standard ones.
The ViACrypt Ransomware uploads the key for decrypting and unblocking that content to a Command & Control server, effectively giving its threat actors exclusive possession of it. So far, the ViACrypt Ransomware's admins are using a custom Web interface to coordinate their ransom negotiations with any victims, who can theoretically pay them in return for getting the decryptor's custom password.
Simple Solutions to Complex Trojans
The ViACrypt Ransomware's encryption isn't breakable, and the best chance victims have of gaining free access to its decryption key is to use network-monitoring tools to isolate the C&C traffic during the attack. Since such means are impractical for most PC users, malware researchers continue to recommend backups on other devices and remote servers as the simplest way of keeping your files safe. Although Windows does keep default backup data, this content is often deleted by threats like the ViACrypt Ransomware, such as members of the populous Hidden Tear family, and you should never rely on it as an exclusive solution.
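To scope a restore from backup, the '.via' suffix described above can be used to inventory locked files and the names they should be restored as. This Python code is an added example, not part of the original article or of any vendor tool; the function names, the sample file names, and the use of file modification times to choose a backup are assumptions.

```python
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

LOCKED_SUFFIX = ".via"  # appended after the original extension, per the page


def find_locked_files(root):
    """Return one record per '*.via' file found under root."""
    records = []
    for locked in sorted(Path(root).rglob("*")):
        if not locked.is_file() or locked.suffix.lower() != LOCKED_SUFFIX:
            continue
        original = locked.with_suffix("")  # 'report.docx.via' -> 'report.docx'
        records.append({
            "locked_path": str(locked),
            "restore_as": str(original),
            "inner_ext": original.suffix.lower(),
            # 'report.docx.via' matches the page's pattern; a bare
            # 'notes.via' is only a weak match and is counted apart.
            "strong_match": original.suffix != "",
            "original_still_present": original.exists(),
            "mtime": locked.stat().st_mtime,
        })
    return records


def summarize(records):
    """Scope the incident: counts per original type, earliest lock time."""
    strong = [r for r in records if r["strong_match"]]
    earliest = min((r["mtime"] for r in strong), default=None)
    return {
        "locked_count": len(strong),
        "weak_matches": len(records) - len(strong),
        "by_type": dict(Counter(r["inner_ext"] for r in strong)),
        # Assumption: a locked file's mtime approximates when it was written,
        # so a backup taken before this time predates the encryption.
        "restore_before_utc": None if earliest is None else
            datetime.fromtimestamp(earliest, timezone.utc).isoformat(),
    }


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    for rel in ["docs/report.docx.via", "docs/budget.xlsx.via",
                "pics/cat.jpg.via", "pics/cat.jpg", "misc/notes.via"]:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
```

Run `find_locked_files` against a read-only copy or mounted image of the affected volume so the inventory does not alter timestamps on the evidence.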
Beyond its targeting of Latvians, malware researchers can't verify other details related to how the ViACrypt Ransomware is circulating or installing itself. Threat actors may use exploit kits on corrupted websites, e-mail attachments with misleading names, or brute-force methods to attack lucrative systems. You can use reputable anti-malware products of most brands to block this threat or, less ideally, remove the ViACrypt Ransomware after it attacks your computer.
The ViACrypt Ransomware does its best to make sure that those it attacks have nowhere to turn for file restoration, except into the profit-seeking arms of its threat actors. Since unearned trust in such situations is rarely rewarded, you shouldn't hesitate to do whatever it takes to keep Trojans like this one from taking what's yours.