The VIAM Ransomware is a file-locker Trojan that can take data like documents hostage by encrypting it. It also extorts money from victims with ransom notes similar to those of the Ryuk Ransomware family. Users should protect their files by keeping backups on other devices and disinfect their computers through comprehensive anti-malware scans that remove the VIAM Ransomware and other threats.
Lest We Judge a Trojan's Ancestry Too Hastily
A file-locking Trojan that malware experts rate as unrelated to other known families is currently out in the wild, with not-insignificant support from its threat actor. Victims can easily mistake the VIAM Ransomware for a variant of another Trojan family, including the Ryuk Ransomware, whose extortion instructions it partially cribs. Doing so would be a mistake: the VIAM Ransomware clearly diverges from that family's payload in other respects, while remaining a threat to users' digital media.
The VIAM Ransomware, like all file-locker Trojans, targets files such as documents, images, or music and encrypts them as part of its blocking procedure. The Trojan also adds a 'viamwasted' extension at the ends of their names so that victims can identify the 'hostages' on sight.
The extortion end of the VIAM Ransomware's payload generates a ransom note for every file that it blocks, which is distinctly different from the operational standards of the Ryuk Ransomware and most other families. However, the messages' contents are identical and are partial copies of the Ryuk Ransomware note, with some changes, including an additional typo. Due to the spelling error and the ransom demands' stripped-down simplicity, malware experts suspect that the VIAM Ransomware's threat actor isn't a native English speaker.
Examining the Expertise Behind a Familiar-Seeming Trojan
The VIAM Ransomware's campaign is using stolen, possibly expensive credentials to hide itself from security software. Samples of the VIAM Ransomware installers carry digital certificates, which gives this threat more common ground with higher-end threats like the Ryuk Ransomware or the NEFILIM Ransomware. Companies have revoked the current validations, but future attacks may use refreshed credentials as more convincing disguises during the installation exploits.
As with the hundreds of Trojans better known than it, users' best defense against this threat is backing their files up to other systems instead of using the ransom option. As of the latest samples, most anti-malware programs will also delete the VIAM Ransomware.
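The following is an added example, not part of the original article or any vendor's tool: a recovery-planning script that inventories files carrying the 'viamwasted' marker described above and checks which of them have a counterpart in a backup tree. It assumes the marker appears as a trailing `.viamwasted` suffix and that the backup mirrors the live directory layout; `plan_restore`, `demo` and the sample file names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

# Assumption: the marker is appended as a final ".viamwasted" suffix.
MARKER = ".viamwasted"


def plan_restore(affected_root, backup_root):
    """Map each marked file to its backup copy, if one exists.

    Returns (restorable, missing): restorable is a list of
    (marked_path, backup_path) pairs; missing lists marked files
    that have no counterpart in the backup tree.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            # Skip unmarked files and a file named only ".viamwasted".
            if len(name) <= len(MARKER) or not name.lower().endswith(MARKER):
                continue
            marked = Path(dirpath) / name
            # Strip only the trailing marker to recover the original name.
            original = marked.with_name(name[: -len(MARKER)])
            candidate = backup_root / original.relative_to(affected_root)
            if candidate.is_file():
                restorable.append((marked, candidate))
            else:
                missing.append(marked)
    return sorted(restorable), sorted(missing)


def demo():
    """Build a constructed sample tree and return the restore plan."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        # Constructed sample files, not real ransomware output.
        (live / "docs" / "report.docx.viamwasted").write_bytes(b"x")
        (live / "docs" / "photo.jpg.viamwasted").write_bytes(b"x")
        (live / "docs" / "untouched.txt").write_bytes(b"ok")
        (backup / "docs" / "report.docx").write_bytes(b"original")
        ok, lost = plan_restore(live, backup)
        return [m.name for m, _ in ok], [m.name for m in lost]


if __name__ == "__main__":
    print(demo())
```

The script only reads and reports; the files in the `missing` list are the ones that no existing backup covers.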
With a backstory that is still half-mysterious, the VIAM Ransomware might become a larger story than a single Trojan usually warrants. Whether or not it has any tangible ties to enterprise-targeting criminals, the VIAM Ransomware is nothing to laugh off for anyone whose files aren't secured.