ViaCrypt Ransomware Removal Guide

Do you know what ViaCrypt Ransomware is?

Cyber security experts warn that there is a new ransomware on the loose. It is called ViaCrypt Ransomware and it is advised that you remove it as soon as possible. However, the bad news is that if it happens to infect your PC, then it might encrypt your files immediately. Furthermore, this program’s website for decrypting the files is down, so there is no way to pay the ransom and get your files back currently. Therefore, you should make sure to protect your PC with a powerful antimalware application to prevent your PC from becoming infected with this ransomware in the first place.

Let us jump right into how this ransomware works. Our malware researchers say that if your PC becomes infected with ViaCrypt Ransomware, it will spring into action immediately and encrypt many of the files on your PC. This program is likely to target file types that are apt to contain personal information, such as documents, images, videos, audio, and other, rarer file types. The goal is to compel you to pay the ransom, but the amount demanded is not specified. Researchers say that this ransomware should append a “.via” file extension to the encrypted files. However, the tested sample did not do that and, for this reason, we do not know if this ransomware can change the file names of the encrypted files.

Once your files have been encrypted, ViaCrypt Ransomware drops a ransom note on the desktop called "your system has been encrypted! please read further instruction!.txt". This note lists the steps to recover your files. The first step is to go to http://sigmalab.lv/other/crypt/payment_request.php, a Latvian website that is in the Latvian language, which is problematic. The second step is to upload your public encryption key, which is stored in a file named “your_encryption_public_key.rkf” that is also dropped on the desktop. Then, you download the decryption key, but the note makes no mention of a ransom payment. You need to enter the decryption key in “crawl.exe,” another executable that this ransomware drops after the encryption. As you can see, ViaCrypt Ransomware has a lot going on, but not all of its functions worked during testing, so some of its functions are subject to change.

Our malware analysts have received unconfirmed reports that ViaCrypt Ransomware’s developers might have set up a dedicated email server that sends malicious emails carrying this ransomware to random email addresses. The emails can be disguised as legitimate invoices, receipts, and so on, and trick you into opening the attached file, which may look like a document at first but is in fact an executable. Not only that, but ViaCrypt Ransomware’s developers may also distribute it on several questionable free software distribution websites that do not shy away from bundling their software with malware in exchange for some money. Hence, this ransomware can be bundled with software installers, cracking tools or keygens, so you have to keep an eye out for untrustworthy software distributors and avoid them.

In closing, ViaCrypt Ransomware can encrypt your files, and you may not be able to decrypt them for free as its encryption may be difficult to crack. Nevertheless, a free decryption tool can be developed in the future, and you may be able to decrypt your files for free if you are patient. Your files may not be worth the ransom money, so paying it can be uneconomical, or the sum demanded may be outrageous. Therefore, you might want to remove it from your PC entirely. Our researchers say that you can get rid of ViaCrypt Ransomware using an anti-malware program called SpyHunter or delete it manually. See the guide below on how to eradicate this malware yourself.

How to remove this ransomware

  1. Press Windows+E keys and enter the following file paths in the address box and hit Enter.
    • %USERPROFILE%\Downloads
    • %USERPROFILE%\Desktop
    • %TEMP%
  2. Locate the randomly-named executable.
  3. Right-click it and click Delete.
  4. Then, type %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup in the address box and hit Enter.
  5. Locate and delete "crawl.exe".
  6. Go to the desktop and delete the second copy of "crawl.exe," "your_encryption_public_key.rkf," and "your system has been encrypted! please read further instruction!.txt".
  7. Empty the Recycle Bin.
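
The manual steps above can also be run as a check from PowerShell. The script below is an added example, not part of the original guide or of any vendor tool: it reports the artifacts named in the steps and lists executables in the three drop folders for manual review, since the dropper's name is random. The signature and SHA-256 columns are an added triage aid (an assumption, not something the guide describes), and nothing is deleted unless `-Remove` is passed.

```powershell
# Added example: report ViaCrypt artifacts named in the removal steps.
# Nothing is deleted unless the script is run with -Remove.
param([switch]$Remove)

$desktop = Join-Path $env:USERPROFILE 'Desktop'
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'

# File names and locations taken from steps 4-6 of the guide.
$known = @(
    (Join-Path $startup 'crawl.exe'),
    (Join-Path $desktop 'crawl.exe'),
    (Join-Path $desktop 'your_encryption_public_key.rkf'),
    (Join-Path $desktop 'your system has been encrypted! please read further instruction!.txt')
)
$found = foreach ($path in $known) {
    if (Test-Path -LiteralPath $path -PathType Leaf) { Get-Item -LiteralPath $path -Force }
}

# Steps 1-3: the dropper has a random name, so list every executable in the
# three folders and leave the decision to the reader.
# Assumption: signature status and hash help with that review.
$dropDirs = @((Join-Path $env:USERPROFILE 'Downloads'), $desktop, $env:TEMP)
$candidates = Get-ChildItem -LiteralPath $dropDirs -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'crawl.exe' } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Sort-Object Created -Descending

'Known ViaCrypt artifacts found:'
$found | Select-Object FullName, Length, CreationTime | Format-Table -AutoSize
'Executables in Downloads, Desktop and TEMP (review manually):'
$candidates | Format-Table -AutoSize -Wrap

# Deletes only the named artifacts, prompting for each one.
if ($Remove -and $found) {
    $found | Remove-Item -Force -Confirm
}
```

The randomly-named executable is never deleted by the script; remove it by hand once you have identified it in the second table.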

In non-techie terms:

Malware researchers say that ViaCrypt Ransomware was designed to encrypt your files and, thus, prevent you from accessing their contents. Its developers want you to pay money for a decryption key to recover your files. If you do not want to risk paying the ransom, after which you may not receive the decryption key anyway, we invite you to use the removal guide above or get an anti-malware tool that will delete it for you.