
VIAM Ransomware

Posted: December 21, 2020

The VIAM Ransomware is a file-locker Trojan that takes data such as documents hostage by encrypting it. It also extorts money from victims with ransom notes similar to those of the Ryuk Ransomware family. Users should protect their files by keeping backups on other devices, and should disinfect their computers through comprehensive anti-malware scans that remove the VIAM Ransomware and other threats.

Lest We Judge a Trojan's Ancestry Too Hastily

A file-locking Trojan that malware experts rate as unrelated to other known families is currently out in the wild, with not-insignificant support from its threat actor. Victims can easily mistake the VIAM Ransomware for a variant of another Trojan family, including the Ryuk Ransomware, whose extortion instructions it partially cribs. Doing so would be a mistake: the VIAM Ransomware clearly diverges from that family's payload in other respects, while still threatening users' digital media.

The VIAM Ransomware, like all file-locker Trojans, targets files such as documents, images, or music and encrypts them as part of its blocking procedure. The Trojan also adds a 'viamwasted' extension at the ends of their names so that victims can identify the 'hostages' on sight.

The extortion end of the VIAM Ransomware's payload involves generating a ransom note for every file that it blocks, which differs distinctly from the operational standards of the Ryuk Ransomware and most other families. However, the messages' contents are identical and are partial copies of the Ryuk Ransomware note, with some changes, including an additional typo. Due to the spelling error and the stripped-down simplicity of the ransom demands, malware experts suspect that the VIAM Ransomware's threat actor isn't a native English speaker.
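For triage, the 'viamwasted' extension described above can be used to inventory affected files and estimate when encryption ran, which helps in choosing a clean backup to restore from. The following Python script is an added example, not code from the original article; it assumes the extension is appended after a dot, and its function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".viamwasted"  # assumption: the extension follows a dot separator


def find_locked_files(root):
    """Yield (path, original_name, mtime) for each file carrying the marker."""
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            yield path, name[: -len(MARKER)], mtime


def summarize(root):
    """Count locked files per directory and bound the time they were written."""
    hits = list(find_locked_files(root))
    stamps = [mtime for _path, _orig, mtime in hits]
    return {"total": len(hits),
            "per_dir": dict(Counter(os.path.dirname(p) for p, _o, _m in hits)),
            "first_seen": min(stamps, default=None),  # epoch seconds
            "last_seen": max(stamps, default=None)}


def build_sample_tree(base):
    """Constructed sample data: two renamed files and one untouched file."""
    docs = os.path.join(base, "docs")
    os.makedirs(docs)
    for name, stamp in (("report.docx.viamwasted", 1608500000),
                        ("photo.JPG.VIAMWASTED", 1608500600),
                        ("notes.txt", 1608400000)):
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"placeholder")
        os.utime(path, (stamp, stamp))
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(tmp))
```

The `first_seen` value is only as reliable as the file system's modification times, so treat it as an upper bound on when to consider backups clean and confirm it against other logs.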

Examining the Expertise Behind a Familiar-Seeming Trojan

The VIAM Ransomware's campaign uses possibly expensive stolen credentials to hide itself from security software. Samples of VIAM Ransomware installers carrying digital certificates give this threat more common ground with higher-end threats like the Ryuk Ransomware or the NEFILIM Ransomware. Companies have revoked the current validations, but future attacks may use refreshed credentials as more convincing disguises during the installation exploits.

Attackers may circulate the VIAM Ransomware at random through options like torrents or malvertising. Still, Trojans with this much investment in their distribution infrastructure may rely on targeted tactics, such as hand-crafted e-mail phishing lures. Windows users should also watch for vulnerabilities that could compromise their networks or individual PCs, such as poorly chosen passwords, out-of-date software, or riskily enabled features like macros, Flash and JavaScript.

As with the hundreds of Trojans better known than it, users' best defense against this threat is backing up their files to other systems instead of using the ransom option. As of the latest samples, most anti-malware programs will also delete the VIAM Ransomware.

With a backstory that is still half-mysterious, the VIAM Ransomware might become a larger story than a single Trojan usually warrants. Whether or not it has any tangible ties to enterprise-targeting criminals, the VIAM Ransomware is nothing to laugh off for anyone whose files aren't secured.
