Aram Virus File: VoidCrypt Ransomware
If you have the .aram file extension appended to your files, which cannot be accessed, then you have been attacked by the latest version of VoidCrypt ransomware. This is one of the currently active ransomware family, regularly releasing new variants in the wild. To avoid such dangerous infections, you should be extra vigilant with any suspicious or unexpected email messages that contain file attachments.
Spam is one of the primary methods abused by ransomware operators to spread their file-encrypting payloads. Another technique these cybercriminals deploy is using infected installers for pirated software, typically available on torrent websites. Continue reading to learn more about the ways ransomware such as Aram spreads, and how to remove it.
Note. Previous examples of the VoidCrypt family can be recognized by the following extensions: .DECcenter extension, .crazy, .horizon, .decme. Even though this ransomware family is not as big as the STOP/DJVU ransomware gang, users should be cautious with the regularly released new variants.
Aram Virus File Summary
|Name||Aram Virus File|
|Short Description||The .aram ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.|
|Symptoms||The VoidCrypt ransomware will encrypt your files by appending the .aram extension to them.|
|Ransom Demanding Note||decrypt-info.txt|
|Distribution Method||Spam Emails, Email Attachments|
See If Your System Has Been Affected by malware
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Aram Virus File.|
.aram Virus File – How Did It Infect My PC?
Aram Virus File could be spreading via a payload dropper, initiating the malicious script for this ransomware. Also note that the payload file could be available on social media and file-sharing services. Freeware which can be downloaded freely on the Web, can also be hiding the malicious script for the Aram cryptovirus.
In terms of its encryption process, the ransomware encrypts your files and shows ransomware instructions inside a ransom note that is called decrypt-info.txt.
The note states the following:
All Your Files Has Been Encrypted
You Have to Pay to Get Your Files Back
1-Go to C:\ProgramData\ or in Your other Drives and send us prvkey*.txt.key file , * might be a number (like this : prvkey3.txt.key)
2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data
3-Payment should be with Bitcoin
4-Changing Windows without saving prvkey.txt.key file will cause permanete Data loss
in Case of no Answer:firstname.lastname@example.org
We generally advise victims of ransomware against paying the demanded ransom, as there is no guarantee a decryption key will be given to them. Furthermore, ransom payments fuel cybercrime activity.
The extortionists want you to pay a ransom for the alleged restoration of your files, as with most ransomware viruses. .Aram Virus File could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows system. All encrypted files will receive the .aram extension. Audio, video, image files as well as documents, backups and banking data can be encrypted by the ransomware.
The ransomware is also capable of erasing all the Shadow Volume Copies from the Windows operating system with the help of the command:
→vssadmin.exe delete shadows /all /Quiet
If your computer is infected with ransomware, continue reading to see what actions you could take.
Remove Aram Virus File
If your computer got infected with the Aram Virus File, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it gets the chance to spread further and infect even more computers. We advise you to remove the ransomware by following the step-by-step instructions below.