
Idecrypt Ransomware

The Idecrypt Ransomware is a file-locking Trojan from a family of similar threats referred to as either the VoidCrypt Ransomware or the Void Ransomware (after the 'void' extension that earlier members append). The Idecrypt Ransomware encrypts documents, pictures, and other media so that they no longer open, then delivers a ransom demand through a pop-up. Windows users should maintain protected backups for data restoration and let a dedicated anti-malware product delete the Idecrypt Ransomware when appropriate.

The Trojan that Makes Promises with Its Name

Coming back into the spotlight for the new year, the Void Ransomware or VoidCrypt Ransomware is one of the smaller families of file-locker Trojans, but no less efficient at harming victims' files. The group consists of a minor but recurring stream of members throughout the past year and early 2021: the Spade Ransomware, the Foo Ransomware, the Konx Ransomware, the Decme Ransomware, and the latest, the Idecrypt Ransomware. Amusingly, this threat folds instructions and consolation into its e-mail address, which makes the ransom-based gist of its attackers' intentions easier to read than ever.

The Idecrypt Ransomware, like all known versions of the Void Ransomware, is a Windows Trojan. It may 'lock' the user's media files through a secure encryption routine that proceeds in the background without notifying or prompting the user. This typical attack, which keeps spreadsheets, documents, pictures, movies, audio, and other content from opening, is the centerpiece of the Idecrypt Ransomware's payload.

Malware researchers also point to sometimes-overlooked features that support this data sabotage, such as:

  • Terminating programs associated with server or media management
  • Deleting the Restore Points or the Shadow Volume Copies
  • Suppressing error messages during the system's boot-up routine
  • Disabling Windows recovery features in the Registry
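The page lists these behaviours without naming the commands that produce them. The following is an added example, not code from the page or from any Idecrypt sample: it assumes the Windows tools usually used for each action (vssadmin and wmic for shadow copies, bcdedit for the boot-status and recovery settings, reg.exe for the SystemRestore policy key, taskkill for server processes) and runs simple detection rules over constructed process-creation records in a made-up pipe-separated layout. The rules, the record format and the records themselves are illustrative assumptions, not telemetry from a real infection.

```python
import re
from collections import defaultdict

# Constructed process-creation records in a made-up "ts|host|pid|ppid|image|cmdline"
# layout. These are invented for the example, not logs from a real infection.
SAMPLE_LOG = """\
2021-01-12T09:14:01Z|WS01|3380|1200|C:\\Users\\u\\Downloads\\invoice.exe|"C:\\Users\\u\\Downloads\\invoice.exe"
2021-01-12T09:14:03Z|WS01|4412|3380|C:\\Windows\\System32\\cmd.exe|cmd.exe /c vssadmin delete shadows /all /quiet
2021-01-12T09:14:04Z|WS01|4420|3380|C:\\Windows\\System32\\cmd.exe|cmd.exe /c wmic shadowcopy delete
2021-01-12T09:14:05Z|WS01|4431|3380|C:\\Windows\\System32\\cmd.exe|cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
2021-01-12T09:14:05Z|WS01|4433|3380|C:\\Windows\\System32\\cmd.exe|cmd.exe /c bcdedit /set {default} recoveryenabled no
2021-01-12T09:14:06Z|WS01|4437|3380|C:\\Windows\\System32\\reg.exe|reg add "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f
2021-01-12T09:14:06Z|WS01|4440|3380|C:\\Windows\\System32\\cmd.exe|cmd.exe /c taskkill /F /IM sqlservr.exe
2021-01-12T09:20:11Z|WS01|5102|2210|C:\\Windows\\System32\\cmd.exe|cmd.exe /c vssadmin list shadows
2021-01-12T09:25:40Z|WS01|5310|2210|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt
"""

# One rule per behaviour from the list above. The command lines are the usual
# Windows tools for each action (an assumption; the page names no commands).
# Each regex tolerates an optional ".exe" suffix and is case-insensitive.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("boot_error_suppression",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("recovery_disabled",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("recovery_disabled_registry",
     re.compile(r"\breg(?:\.exe)?\s+add\b.*\\SystemRestore\b.*\bDisableSR\b.*\b1\b", re.I)),
    ("server_process_termination",
     re.compile(r"\b(?:taskkill|net)(?:\.exe)?\b.*\b(?:sqlservr|sqlwriter|mssql\w*|mysqld|oracle|vmware|veeam)\b", re.I)),
]


def parse_record(line):
    """Split one pipe-separated record into a dict (cmdline may contain spaces)."""
    ts, host, pid, ppid, image, cmdline = line.split("|", 5)
    return {"ts": ts, "host": host, "pid": int(pid), "ppid": int(ppid),
            "image": image, "cmdline": cmdline}


def match_rules(cmdline):
    """Return the sorted, de-duplicated labels of every rule the command line hits."""
    return sorted({label for label, rx in RULES if rx.search(cmdline)})


def scan(log_text):
    """Return every record whose command line matches at least one rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        labels = match_rules(rec["cmdline"])
        if labels:
            findings.append({**rec, "labels": labels})
    return findings


def score_parents(findings):
    """Group hits by parent pid: one parent triggering several distinct
    sabotage behaviours is the pattern to escalate, a lone hit often is admin work."""
    by_parent = defaultdict(set)
    for f in findings:
        by_parent[f["ppid"]].update(f["labels"])
    return {ppid: sorted(labels) for ppid, labels in by_parent.items()}


def escalate(log_text, threshold=2):
    """Parent pids that triggered at least `threshold` distinct behaviours."""
    scored = score_parents(scan(log_text))
    return sorted(ppid for ppid, labels in scored.items() if len(labels) >= threshold)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ts"], f["pid"], f["ppid"], f["labels"], f["cmdline"])
    print("escalate:", escalate(SAMPLE_LOG))
```

In the constructed log, the six recovery-sabotage commands all share parent pid 3380 (the dropped executable), while the benign `vssadmin list shadows` under a different parent matches no rule; grouping by parent is what separates the ransomware pattern from an administrator running one of these tools on purpose.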

These features leave the victim's files unrecoverable unless backups exist on other devices. The Idecrypt Ransomware also appends a campaign-unique extension that embeds part of the ransom information: 'example-document.doc' becomes 'example-document.doc[Idecrypt.plz.dontworry@gmail.com][victim-ID-serial].idecrypt'. Before they even read the ransom note, the Idecrypt Ransomware's victims see an address that promotes the recovery service with an appeal to emotion.
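The renaming layout above is the one artifact a responder can act on immediately: it identifies which files were touched, which original names to pull from backup, and which contact address and victim ID the campaign used. The following added example (not code from the page or from the Trojan) parses that layout. The file names are constructed, the victim ID is made up, and the `ext` parameter, which lets the same parser serve sibling VoidCrypt variants that swap the trailing extension, is an assumption; the page documents only '.idecrypt'.

```python
import os
import re
from collections import Counter

# Constructed file names for the example. The e-mail address is the one the
# page quotes; the victim ID "8F3A21C0" is invented.
SAMPLE_NAMES = [
    "example-document.doc[Idecrypt.plz.dontworry@gmail.com][8F3A21C0].idecrypt",
    "Q4-budget.xlsx[Idecrypt.plz.dontworry@gmail.com][8F3A21C0].idecrypt",
    "holiday.jpg[Idecrypt.plz.dontworry@gmail.com][8F3A21C0].IDECRYPT",
    "archive[brackets].zip",   # legitimate name with brackets: must not match
    "readme.txt",
    "stray.idecrypt",          # suffix without the bracket fields: must not match
]


def locked_name_pattern(ext="idecrypt"):
    """Regex for '<original>[<e-mail>][<victim id>].<ext>'.

    The bracket fields may not themselves contain brackets, which is what lets
    a greedy original-name group settle on the right split. Passing another
    ext is an assumption that sibling variants keep this layout."""
    return re.compile(
        r"^(?P<original>.+)\[(?P<email>[^\[\]]+)\]\[(?P<victim_id>[^\[\]]+)\]\."
        + re.escape(ext) + r"$",
        re.I,
    )


def parse_locked_name(name, ext="idecrypt"):
    """Return {'original', 'email', 'victim_id'} for a locked file name, else None."""
    m = locked_name_pattern(ext).match(name)
    return m.groupdict() if m else None


def triage(names, ext="idecrypt"):
    """Summarise a directory listing: counts, campaign identifiers, which file
    types were hit, and a locked-name -> original-name map for backup restores."""
    emails, victim_ids, by_ext, restore_map = set(), set(), Counter(), {}
    untouched = 0
    for name in names:
        parsed = parse_locked_name(name, ext)
        if parsed is None:
            untouched += 1
            continue
        emails.add(parsed["email"])
        victim_ids.add(parsed["victim_id"])
        by_ext[os.path.splitext(parsed["original"])[1].lower()] += 1
        restore_map[name] = parsed["original"]
    return {
        "locked": len(restore_map),
        "untouched": untouched,
        "emails": sorted(emails),
        "victim_ids": sorted(victim_ids),
        "by_original_ext": dict(by_ext),
        "restore_map": restore_map,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_NAMES)
    for key in ("locked", "untouched", "emails", "victim_ids", "by_original_ext"):
        print(f"{key}: {summary[key]}")
    for locked, original in summary["restore_map"].items():
        print(f"restore {original!r} from backup (currently {locked!r})")
```

To run it against a real tree, feed `triage` the output of `os.listdir` or a recursive `os.walk`; the restore map is the list of originals to retrieve from offline backups, and more than one distinct victim ID or e-mail in a single tree is worth a second look, since it suggests more than one campaign or more than one infected host writing to the same share.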

Closing Files Off from Getting Void-Touched

Besides the minor social-engineering adjustment, malware analysts find little noteworthy in the Idecrypt Ransomware's ransom-negotiating phase. The Trojan generates a pop-up in the HTA (HTML Application) format, which offers the family-standard warnings, a two-day deadline, and a free sample of the unlocking service. Users who pay the requested Bitcoins may or may not get their files back, at the whim of the threat actor.

Although paying for decryption is unwise and free decryptors are rarely available, malware experts always point to backup strategies that can neuter attacks from these threats. Users who back their media up to devices such as USB drives, DVDs, or another server can restore their work without breaking the encryption.

The Idecrypt Ransomware is a fairly new variant of the VoidCrypt Ransomware, and its distribution methods still require analysis. Users should use strong passwords and install security patches to block the most obvious exploitation routes into their PCs. They also should watch for attacks arriving over e-mail or through torrents, both of which may use misleading names, corrupted bundled installers, or other tactics.

Effective PC security programs detect most file-locking Trojans from the VoidCrypt Ransomware and other groups. Users protecting themselves with these products should delete the Idecrypt Ransomware, or quarantine it, once their software identifies the threat.

The Idecrypt Ransomware is a lot of trouble for a program that is not even two megabytes of code. Just as a small pinprick can harbor infection, minuscule software can have sweeping and adverse effects.
