An overview of the Cryptoviki ransomware
CryptoViki virus is a new ransomware [1] that targets English and Russian-speaking users around the globe. The virus infiltrates computers and encrypts files stored on the hard drive, connected external storage drives, etc. The affected files are appended with .viki extensions and become inaccessible to the users. In addition, the virus drops a readme.txt file on every infected browser to deliver a ransom note along with the list of data recovery instructions. In particular, the victims are expected to contact the extortionists via Cryptoviki@gmail.com email address by which they would receive further data recovery instructions. Of course, following the extortionists’ demands is never a safe option. You can’t be sure if the recovery tools that the criminals promise are really functional — maybe they are designed to mess up your computer even more and continue the money extortion. Having these risks in mind, it is best not to get involved with the cyber criminals at all and remove CryptoViki from the infected device as soon as possible. Make sure you use updated and reputable antivirus software like FortectIntego to prevent virus elimination errors.

Ransomware are vicious infections, and though their working principles are more or less the same, each of them has characteristics which help individualize them. In the case of the CryptoViki virus, the program can be recognized from its unique ransom note. You can see a transcript of this note below:
Your files have been encrypted.
To decrypt them, You need to write a letter
to the email address cryptoviki@gmail.com .
Next, you will receive all necessary instructions.
Attempts to decipher alone will not lead to anything other than irretrievable loss of information.
If you still want to try, make a backup of the files, or in the case they change the decryption will be impossible under any circumstances.
Since the ransomware targets Russian and English speaking users, the text is displayed in both languages as well. The criminals clearly don’t want to reveal any sensitive information that might get them caught, that’s why the ransom note is so obscure. Even if the criminals openly indicate the accounts to which victims must transfer the ransom money, they rarely get caught. In fact, such cases are almost non-existent, that’s why you should take measures to prevent yourself from the virus beforehand. If your device happens to be encrypted by this virus, don’t hesitate with CryptoViki removal — get it done as soon as possible.

Virus spreads via malvertising campaigns and exploit kits
If files on your computer have been affected by CryptoViki, you probably have been involuntarily involved in some malicious spam campaign [2] or downloaded malware-ridden software on your computer. It is also possible that the virus has targeted your device by locating software vulnerabilities on your device and deceptively installed as some software update or browser plug-in. Please keep in mind that merely eliminating the downloaded malicious files will not help terminate the ransomware, nor will it decrypt the encrypted files. To perform a thorough CryptoViki removal, you will have to scan your device with some professional malware-fighting utility. As for the data recovery, we suggest checking out alternative data recovery methods just below the article.
Remove CryptoViki and recover your files
Though it may sound unreal, you can indeed remove CryptoViki from the computer and recover your files. Well, some of them, at least. Security vendors are offering thousands of tools that help unfortunate users to clean up and recover computers after ransomware attacks. However, only a few of them are actually worth trusting. FortectIntego or MalwarebytesMalwarebytes are the software you can rely on. After performing CryptoViki removal, you may then proceed with data recovery — the most effective techniques are presented at the end of the article.
Was this guide helpful?
Be the first to comment