VoidCrypt Ransomware Description
Users infected with the VoidCrypt Ransomware will find that they can no longer access the files stored on their computers. The threat can affect nearly all file types, and the potential damage is tremendous, especially if the files it 'locks' belong to important business-related projects. By using a combination of two powerful encryption algorithms, AES and RSA, the hackers ensure that brute-forcing the scrambled files is not a realistic option.
When the VoidCrypt Ransomware encrypts a file, it changes the original filename drastically to match the following pattern - [Original Name].[Hacker's Email].[Unique ID for the victim].[Ransomware Extension]. For the VoidCrypt Ransomware, the email address is 'email@example.com,' while the new file extension is '.Void.' The note with instructions from the hackers is displayed as a pop-up window generated from a .hta file named 'Decryption-Info.HTA.'
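The renaming pattern and note filename described above are enough to inventory affected files during incident triage and to recover each file's original name. The following is an added example, not part of the original article: the function names are hypothetical, and tolerating square brackets around the email and ID is an assumption.

```python
import os
import re

# Values taken from the description above; pass your own lists for other variants.
CONTACT_EMAILS = ("email@example.com", "firstname.lastname@example.org",
                  "Steven77xx@protonmail.com")
LOCKED_EXT = ".Void"
NOTE_NAME = "Decryption-Info.HTA"


def parse_locked_name(filename, emails=CONTACT_EMAILS):
    """Return (original_name, email, victim_id), or None if the name does not match."""
    for email in emails:
        # Assumption: square brackets around the email and ID are tolerated,
        # because the pattern in the description is written with brackets.
        m = re.match(
            r"^(?P<orig>.+?)\.\[?" + re.escape(email) + r"\]?\.?\[?"
            r"(?P<vid>[^.\[\]]+)\]?" + re.escape(LOCKED_EXT) + r"$",
            filename, re.IGNORECASE)
        if m:
            return m.group("orig"), email, m.group("vid")
    return None


def triage(root):
    """Walk root and inventory renamed files, ransom notes and victim IDs."""
    report = {"locked": [], "notes": [], "ids": set(), "unparsed": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
            elif name.lower().endswith(LOCKED_EXT.lower()):
                parsed = parse_locked_name(name)
                if parsed is None:
                    # Extension matches but the layout does not: keep for manual review.
                    report["unparsed"].append(path)
                    continue
                orig, email, vid = parsed
                report["locked"].append((path, orig, email, vid))
                report["ids"].add(vid)
    return report


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(result["locked"]), "renamed files,", len(result["notes"]), "notes,",
          "victim IDs:", sorted(result["ids"]))
```

Run it read-only against a mounted image or a copy of the affected volume; the list of original names shows which files need to be restored from backup.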
While the ransom note doesn't include the exact amount demanded by the criminals, it does state that payment must be made in Bitcoin, arguably the most popular cryptocurrency. It also allows the VoidCrypt Ransomware victims to send a couple of files no bigger than 1MB in size to be decrypted for free. The hackers threaten that the longer affected users wait before establishing contact, the bigger the ransom sum will be. Three email addresses are provided as communication channels - the main one is 'firstname.lastname@example.org,' while the two secondary emails are 'email@example.com' and 'Steven77xx@protonmail.com.'
The full text of the ransom message delivered by VoidCrypt is:
'Your Files has Been Encrypted
Your Files Has Been Encrypted with AES + RSA Algorithm
If You Need Your Files You Have To Pay Decryption Price
You can Send Some Little Files Less Than 1MB for Test (The Test Files Should not Contain valuable Data Like Databases Large Excel Sheets or Backups
After 48 Hour Decryption Price Will be Doubled so You Better Contact us Before Times Up
Using Recovery Tools or 3rd Party Application May cause Damage To Your Files And increase price
The Steps You Should Do To Get Your Files Back:
1- Contact Email on Files And Send ID on The Files Then Do agreement on a Price
2- Send Some Files for Decryption Test ( Dont Pay to Anyone Else who is Not Able to Decrypt Your Test Files!)
After Geting Test Files Pay The price in Bitcoin And Get Decryption Tool + RSA key
Your Case ID :
Our Email : firstname.lastname@example.org
In Case Of No Answer : email@example.com and Steven77xx@protonmail.com.'
The ransom message explains that all the data on the target computer is encrypted. It claims that the only way to regain access to the files is to pay the attackers a ransom in bitcoin. Attackers pretend to be magnanimous, claiming they will restore a handful of small files to prove that their decryption process works. This step instils a sense of trust in victims, encouraging them to pay up. The attackers also intimidate victims by saying the ransom demand doubles if the person does not get in touch within 48 hours of infection.
Should Victims Pay the Ransom?
Unfortunately, the VoidCrypt ransomware doesn’t leave users with any choice but to pay the ransom if they want to get their files back. Even so, experts recommend against interacting with attackers and paying them. Don’t forget that hackers are only after your money. They are under no obligation to actually decrypt your files and give you the tools you need to do so. There are many cases of people not getting the tools they pay for. These people are left without their money as well as their data.
Even if the hackers deliver a tool and it works, paying them only encourages them to continue attacking others. They could even attack your computer again. This is why you should never pay the ransom at all. Instead, you should focus on getting your files back by yourself. While you can’t undo the encryption, you can use an external backup, such as a cloud backup or external hard drive, to get your data back.
Don’t forget to remove the virus from your computer first, to prevent your data from getting encrypted again right away.
VoidCrypt Spreads Through Spam Emails
VoidCrypt infects computers in ways similar to other such threats. The most common infection method for viruses like this is spam email messages. Attackers carefully write emails that appear to be from legitimate sources. The emails encourage readers to click on a link or access an attached file. Clicking on the link or opening the file is all it takes to infect your computer.
Carefully read emails from unknown sources to see if you can spot any mistakes or other red flags. Misspelled words – and especially errors in the email address – are huge signs that something is wrong. Spam emails aren’t worth the trouble, so delete them and move on with your day safe in the knowledge you’ve done something good for your computer.