Home > Cyber News > Aram Virus File (VoidCrypt Ransomware)
CYBER NEWS

Aram Virus File (VoidCrypt Ransomware)

Aram Virus File: VoidCrypt Ransomware

aram-virus-file-sensorstechforumIf you have the .aram file extension appended to your files, which cannot be accessed, then you have been attacked by the latest version of VoidCrypt ransomware. This is one of the currently active ransomware family, regularly releasing new variants in the wild. To avoid such dangerous infections, you should be extra vigilant with any suspicious or unexpected email messages that contain file attachments.

Spam is one of the primary methods abused by ransomware operators to spread their file-encrypting payloads. Another technique these cybercriminals deploy is using infected installers for pirated software, typically available on torrent websites. Continue reading to learn more about the ways ransomware such as Aram spreads, and how to remove it.

Note. Previous examples of the VoidCrypt family can be recognized by the following extensions: .DECcenter extension, .crazy, .horizon, .decme. Even though this ransomware family is not as big as the STOP/DJVU ransomware gang, users should be cautious with the regularly released new variants.

Aram Virus File Summary

Name Aram Virus File
File Extension .aram
Type Ransomware, Cryptovirus
Short Description The .aram ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.
Symptoms The VoidCrypt ransomware will encrypt your files by appending the .aram extension to them.
Ransom Demanding Note decrypt-info.txt
Distribution Method Spam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by malware

Download

Malware Removal Tool

User Experience Join Our Forum to Discuss Aram Virus File.

.aram Virus File – How Did It Infect My PC?

Aram Virus File could be spreading via a payload dropper, initiating the malicious script for this ransomware. Also note that the payload file could be available on social media and file-sharing services. Freeware which can be downloaded freely on the Web, can also be hiding the malicious script for the Aram cryptovirus.

In terms of its encryption process, the ransomware encrypts your files and shows ransomware instructions inside a ransom note that is called decrypt-info.txt.

The note states the following:

All Your Files Has Been Encrypted

You Have to Pay to Get Your Files Back

1-Go to C:\ProgramData\ or in Your other Drives and send us prvkey*.txt.key file , * might be a number (like this : prvkey3.txt.key)

2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data

3-Payment should be with Bitcoin

4-Changing Windows without saving prvkey.txt.key file will cause permanete Data loss

Our Email:dataunlock@criptext.com

in Case of no Answer:dataunlocks@criptext.com

We generally advise victims of ransomware against paying the demanded ransom, as there is no guarantee a decryption key will be given to them. Furthermore, ransom payments fuel cybercrime activity.

The extortionists want you to pay a ransom for the alleged restoration of your files, as with most ransomware viruses. .Aram Virus File could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows system. All encrypted files will receive the .aram extension. Audio, video, image files as well as documents, backups and banking data can be encrypted by the ransomware.

The ransomware is also capable of erasing all the Shadow Volume Copies from the Windows operating system with the help of the command:

→vssadmin.exe delete shadows /all /Quiet

If your computer is infected with ransomware, continue reading to see what actions you could take.

Remove Aram Virus File

If your computer got infected with the Aram Virus File, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it gets the chance to spread further and infect even more computers. We advise you to remove the ransomware by following the step-by-step instructions below.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...