Viacrypt Ransomware Virus Removal

How to Remove Viacrypt Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

Your system files has been encrypted and only way to recover them is by purchasing unlocking key.
Steps to gain access for files:
1) Please follow this page: xxxx://sigmalab.lv/other/crypt/payment_request.php
2) Upload your public encryption key
3) Download decryption key
4) Drag and drop key on crawl.exe
5) Wait for files to be unlocked in background

Viacrypt belongs to the ransomware category. It’s the scariest type of threat to catch. That’s because one it invades, it targets your files. One day, you find them encrypted with an RSA-1024 algorithm that keeps you from accessing them. Your own files are beyond your reach. Now, make no mistake. They are right where you left them. But the infection attaches a special extension at the end of each one. Thus, solidifying its grip, and blocking you from access. For example, your picture titled ‘me.jpg’ turns into ‘me.jpg.via.’ Once that happens, you can no longer open it. You can try moving or renaming the file, but it achieves nothing. The one sure way to remove the encryption is a decryption key. But that key will cost you. To get the proper key, you have to pay a ransom. Viacrypt demands payment in Bitcoin. It then promises to send you the right key to unlock your data, upon receiving your money. But, here’s the thing. All you get is a promise. One, made by malicious criminals, who unleashed terrible infection on your system. Do you deem those people reliable? Trustworthy? Do you think they’ll keep their end of the bargain? If you do, that’s your naivety talking. These are cyber kidnappers, who extort you for monetary profit. And, they don’t only want your money. They will exploit you every way they can. The question is, will you let them? Will you allow them to get more than your data? Don’t. Do not pay these people. Forsake your files. It’s a tough call to make, but you have to. It’s the best course of action to take.

How did I get infected with?

Viacrypt turns to the usual antics when in comes to invasion. The most common means, it uses, is freeware. It provides possibly the easiest access point. And, you’re to blame for that. Well, rather, your carelessness. Let’s explain. The tool exploits your lack of caution to invade. And, freeware acts as a fast-lane into your PC. That’s because, most users aren’t attentive enough when installing it. They aren’t vigilant, and don’t do their due diligence. They don’t even bother to read the terms and conditions but say YES to everything. That’s a horrendous mistake! You have no idea what you allow into your system! Don’t rely on luck when even a little extra attention goes a long, long way. Always be thorough when installing tools or supposed updates. Remember to apply caution with everything you do online. The web is dark and full of terrors. You don’t know what lurks behind the corner, waiting to slither in. Caution helps keep your computer infection-free. Carelessness does the opposite.

Why is Viacrypt dangerous?

Once Viacrypt appends the ‘via’ extension, it blackmails you. It leaves you a ransom note that provides instructions on what you’re expected to do. It claims that if you follow through, all will be well. But will it? Let’s take a closer look at your predicament. You have a program that slithered its way in undetected. Then, locked your photos, music, documents, videos, archives, text files, all of it! And, claimed that you have to pay for their release. In case, it’s unclear, these are malicious cyber criminals, you’re dealing with. Don’t think they’ll keep their promises. They have a dozen different ways to double-cross you. What if, after you pay, they send you nothing? If you don’t get the decryption key, you can’t decrypt your files. You’re at an impasse, having lost money and not regained your data. But, even if it does send you a key, don’t jump for joy yet. What if it’s the wrong one, and it doesn’t work? Even in your best-case scenario, when it does work, you’re not in the clear yet. Think about it. The decryption key removes the encryption. Not the threat. The threat remains. Viacrypt still lurks on your computer, ready to strike again at the opportune moment. But, there’s more. Even if the key you pay for did remove the ransomware, payment still shouldn’t be an option. How come? Well, when you transfer the money, you leave private details. You provide personal and financial data. Information, which the cyber extortionists can ten reach and exploit. Don’t expose your privacy. It’s better to lose your data than your privacy, don’t you think?

Viacrypt Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Viacrypt Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with Viacrypt encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate Viacrypt encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.