
VoidCrypt Ransomware

Posted: October 30, 2020

The VoidCrypt Ransomware is a family of file-locking Trojans that can block digital media on Windows systems. In addition to this encryption-based attack, it may create HTA ransom notes that sell the attacker's decryption service, change extensions, terminate some programs, and make unsafe settings changes. Users should guard their media with appropriately secure backups and let their anti-malware utilities delete the VoidCrypt Ransomware and its variants as appropriate.

A Return to the Void of Trojan Data Blockades

After early samples like Spade Ransomware, the VoidCrypt Ransomware family's ongoing attacks upgraded with new spins on the same old themes. Even more recent iterations such as the Exploit Ransomware and the Lalaland Ransomware prove that its encryption features are compatible with a variety of Windows systems and desirable for threat actors uninterested in a pricier, Ransomware-as-a-Service option. Depending on how well they protect their files, a VoidCrypt Ransomware attack may or may not be expensive for users of infected PCs.

The VoidCrypt Ransomware family is small but in active use and produces variants for Windows systems, with threat actors labeling them with arbitrary, semi-meaningful names. Default features in the VoidCrypt Ransomware resemble those of the average RaaS or similar Trojan family: it adds extensions with ransoming credentials onto files' names after blocking them with encryption and communicates afterward through ransom notes.

Recent versions of the VoidCrypt Ransomware's family use a semi-standard template that differs by the e-mail addresses for negotiating over the file-restoring service. Most details are unexceptional and include a 'free demonstration' for valueless files, a one-day deadline, and, usually, references to Bitcoin as the preferred currency for ransoms.

Malware researchers also catch intermittent features in this family that different samples display to various degrees. The VoidCrypt Ransomware family Trojans may disable boot-up error messages, turn off programs related to media management, or delete local Windows backups. While familiar among file-locking Trojans, all of these attacks further solidify the VoidCrypt Ransomware's hold on any files as digital prisoners.

Pulling Down Trojan Families before They Prosper

Although there are many families of file-locking Trojans, they depend on making ransoms out of the same security mistakes from victims. Windows users especially should consider their backup solutions in the light of being the targets of threats like the Dharma Ransomware, Hidden Tear, the Globe Ransomware, the VoidCrypt Ransomware, and dozens of other Trojan groups. Since nearly all of these threats will destroy local backups, in one way or another, a non-local backup with an additional password or air gap-style security is a priceless defense.

Malware researchers currently see no common ground in the latest distribution tactics of the VoidCrypt Ransomware family's members. Most users can protect their work adequately by refusing illicit downloads, being cautious around e-mail-attached documents or spreadsheets, disabling JavaScript and Flash, and using appropriate passwords. Overlooking any of these steps puts the user's PC at risk from both targeted attacks and random attacks of opportunity.

A quality PC security product should also flag and delete the VoidCrypt Ransomware, which shows little ability to evade most threat detection models.

The VoidCrypt Ransomware has little in the way of flashy extras but performs with the same streamlined attacks as most other file-locker Trojan families. Still, making sure that its ransom-collecting plate is as empty as a real void is up to those whom it attacks – by doing what's right beforehand.
