ViaCrypt Ransomware

Researchers at pcthreat.com have reported the detection of ViaCrypt Ransomware, a new crypto-threat, recently. According to them, it is one of those computer infections that manage to enter systems unnoticed, but it is, without a doubt, not its only drawback. Research has revealed that this ransomware infection is one of the malicious applications that enter computers illegally to encrypt files, but, unlike older ransomware infections our experts thoroughly analyzed some time ago, it does not demand money. Well, at least it does not demand a ransom directly. If you open a file created on your Desktop after its successful entrance, you will see 5 “steps to gain access for files” there. These instructions tell users to open a specific page, upload a public encryption key, download a decryption key, drag and drop the key on crawl.exe (it is a file created by the ransomware infection), and wait until files are automatically unlocked. You should definitely try this out if you have found a bunch of your personal files encrypted. If you are lucky, you might get those files back for free. If the decryption of files is unsuccessful, or you are asked to pay a certain amount of money in exchange for the decryption key, you must delete ViaCrypt Ransomware fully from your computer. Keep in mind that you need to erase this infection from your PC also if you have found your files intact, i.e. they have not been encrypted by the ransomware infection. Our researchers are sure that this threat does not lock files in all instances.

ViaCrypt Ransomware has been detected at the end of June, 2017, so it is not surprising that it is not yet popular. Of course, it might never become a prevalent infection. No matter it is a popular threat or not, its successful entrance is directly linked to the loss of files. Researchers have revealed that it encrypts users’ files by adding the .via extension to all of them the first thing it enters the system. Then, it drops a ransom note your system has been encrypted! please read further instruction!.txt on Desktop – it contains the step-by-step instructions explaining how to unlock files. In addition, it creates your_encryption_public_key.rkf on Desktop after the entrance. Last but not least, you could detect crawl.exe in two different directories: %APPDATA%\Microsoft\Windows\Start Menu\\Programs\Startup and %USERPROFILE%\Desktop. Fortunately, it is not one of those malicious applications that create new registry keys. Also, it will not block your screen or system utilities, so you should not find its deletion a very complicated procedure. Unfortunately, we cannot promise that you could easily unlock your files. If you find the decryption instructions available in the file your system has been encrypted! please read further instruction!.txt completely useless and, consequently, it is impossible to unlock files for free, go to restore them from a backup you have. Alternatively, you can wait till a free decryptor is developed.

The distribution of ViaCrypt Ransomware is still quite a secret because it has not infected many computers yet, and, because of this, it is hard to make final conclusions; however, our specialists still have an opinion about its dissemination. According to them, ViaCrypt Ransomware should not differ much from other ransomware infections in this sense. That is, it should be spread in spam emails disguised as a harmless email attachment. Also, users might get it from websites containing tons of free software, movies, music, and other files, specialists say. In other words, even though this infection tries to enter PCs illegally, users contribute to its entrance. Luckily, there is one thing you can do to protect your PC – you need to install a security application on your computer. As long as it is enabled, no malware could enter your system successfully.

You cannot unlock your files by removing ViaCrypt Ransomware from your PC, but it does not mean that you can keep this infection active on your computer. To remove this infection manually, you need to erase all its files one by one. You should let our instructions help you because this threat might easily revive and start working on your PC again if you leave the tiniest component active on your system. If you are scared to make a fatal mistake, you can also perform a system scan with an automated scanner. It will make all the active threats gone in a second’s time.

Delete ViaCrypt Ransomware

1. Press Win+E on your keyboard.
2. Open %APPDATA%\Microsoft\Windows\Start Menu\\Programs\Startup and %USERPROFILE%\Desktop directories.
3. Delete the crawl.exe file.
4. Go to %USERPROFILE%\Desktop.
5. Remove your system has been encrypted! please read further instruction!.txt and your_encryption_public_key.rkf.
6. Delete all recently downloaded files (you should be able to find them in %USERPROFILE%\Downloads).
7. Empty the Recycle bin.