
VIAM Ransomware

Posted: December 21, 2020

The VIAM Ransomware is a file-locker Trojan that can take data such as documents hostage by encrypting it. It also extorts money from victims with ransom notes similar to those of the Ryuk Ransomware family. Users should protect their files by keeping backups on other devices and disinfect their computers through comprehensive anti-malware scans that remove the VIAM Ransomware and other threats.

Lest We Judge a Trojan's Ancestry Too Hastily

A file-locking Trojan that malware experts rate as unrelated to other known families is currently out in the wild, with not-insignificant support from its threat actor. Victims can easily mistake the VIAM Ransomware for a variant of other Trojan families, including the Ryuk Ransomware, whose extortion instructions it partially cribs. Doing so would be a mistake, since the VIAM Ransomware clearly diverges from that family's payload in other respects, while still threatening users' digital media.

The VIAM Ransomware, like all file-locker Trojans, targets files such as documents, images, or music and encrypts them as part of its blocking procedure. The Trojan also adds a 'viamwasted' extension at the ends of their names so that victims can identify the 'hostages' on sight.

The extortion end of the VIAM Ransomware's payload involves generating a ransom note for every file that it blocks, which is distinctly different from the operational standards of the Ryuk Ransomware and most other families. However, the messages' contents are identical to one another and are partial copies of the Ryuk Ransomware note, with some changes, including an additional typo. Due to the spelling error and the ransom demands' stripped-down simplicity, malware experts suspect that the VIAM Ransomware's threat actor isn't a native English speaker.

Examining the Expertise Behind a Familiar-Seeming Trojan

The VIAM Ransomware's campaign uses stolen, possibly expensive credentials to hide itself from security software. Samples of the VIAM Ransomware installers carry digital certificates, which gives this threat more common ground with higher-end threats like the Ryuk Ransomware or the NEFILIM Ransomware. Companies have revoked the current validations, but future attacks may use refreshed credentials as more convincing disguises during the installation exploits.

Attackers may circulate the VIAM Ransomware at random through channels like torrents or malvertising. Still, Trojans with this much investment in their distribution infrastructure may rely on targeted tactics, such as hand-crafted e-mail phishing lures. Windows users should also watch for vulnerabilities that could compromise their networks or individual PCs, such as poorly chosen passwords, out-of-date software, or riskily enabled features like macros, Flash and JavaScript.

As with the hundreds of Trojans better known than it, users' best defense against this threat is backing their files up to other systems instead of using the ransom option. As of the latest samples, most anti-malware programs will also delete the VIAM Ransomware.
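
The renaming behavior and the backup advice described above can be combined into a recovery triage step. The following is an added example, not part of the original article: it lists files carrying the 'viamwasted' extension and checks which ones have a clean copy in a backup tree. The leading dot on the extension, the function names and the sample files are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extension named in the article; the leading dot is an assumption.
LOCKED_SUFFIX = ".viamwasted"


def find_locked(root):
    """Yield (locked_path, original_relative_path) for each renamed file under root."""
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match; skip a file named only ".viamwasted".
            if name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                locked = Path(dirpath) / name
                original = locked.with_name(name[: -len(LOCKED_SUFFIX)])
                yield locked, original.relative_to(root)


def restore_plan(affected_root, backup_root):
    """Split locked files into those with a backup copy and those without."""
    backup_root = Path(backup_root)
    plan = {"restorable": [], "no_backup": []}
    for _locked, rel in find_locked(affected_root):
        key = "restorable" if (backup_root / rel).is_file() else "no_backup"
        plan[key].append(rel.as_posix())
    for items in plan.values():
        items.sort()
    return plan


def demo():
    """Build a constructed sample tree and backup, then return the plan."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        # Constructed sample files, not real ransomware output.
        (live / "docs" / "report.docx.viamwasted").write_bytes(b"\x00")
        (live / "docs" / "photo.jpg.VIAMWASTED").write_bytes(b"\x00")
        (live / "docs" / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("clean copy")
        return restore_plan(live, backup)


if __name__ == "__main__":
    print(demo())
```

The "no_backup" list is the part that matters for scoping an incident: it names the files for which the ransom option is the only remaining copy.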

With a backstory that is still half-mysterious, the VIAM Ransomware might become a larger story than a single Trojan usually warrants. Whether or not it has any tangible ties to enterprise-targeting criminals, the VIAM Ransomware is nothing to laugh off for anyone whose files aren't secured.
