Eking (VoidCrypt) Ransomware
Cybersecurity experts are warning users about a hurtful ransomware threat names the Eking Ransomware. It is crucial to make the distinction that despite being tracked under the same name, this is a different malware threat than the Eking Ransomware that has been previously identified. The threats may follow similar behavioral patterns because both are classified as ransomware but the older threat is a variant belonging to the Phobos malware family, while this new Eking threat is a variant of VoidCrypt.
When executed on the infected devices, the threat will initiate an encryption routine that will target the data of the victim. Files, such as documents, archives, databases, images, photos, audio and video files and many others will all be locked and rendered unusable. In addition, their original names will be severely modified. The Eking Ransomware adds an ID string, an email address, and a new file extension. The used email is 'ekingm2023@outlook.com,' while the file extension is '.eking.'
Victims will notice that a new text file named 'INFO.txt' has been created on the desktop of their devices. Inside the file will be a ransom with instructions from the threat actors. According to the message, victims are expected to locate a specific file on the computer and send it to the hackers. The file is supposed to be found in the C:/ProgramData directory and could be named something like 'RSAKEY-SE-24r6t523' or 'RSAKEY.KEY.' Alongside this file, victims also are allowed to send one single encrypted file to be unlocked for free. Two email addresses could be used for this purpose - 'ekingm2023@outlook.com' and 'ekingm2023@onionmail.org.' The ransom note ends with a section containing multiple warnings.
The entire set of instructions left by the Eking (VoidCrypt) Ransomware is:
'Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithmще
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
Attention:
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
Your Case ID :
OUR Email :ekingm2023@outlook.com
in Case of no answer: ekingm2023@onionmail.org'
