Remove Dragon/VoidCrypt Ransomware

Ransomware and Weak Passwords

Since 2020, cybercriminals have had access to a new ransomware building toolkit – VoidCrypt. Unfortunately, it has proven to be quite successful and profitable because of the lack of free decryption tools. One of the latest versions of file-lockers based on VoidCrypt is called Dragon/VoidCrypt Ransomware. It is being spread through fake downloads and attachments, malicious advertisements, and even through social media and messaging services. Encountering this ransomware can be very dangerous because of its ability to lock you out of your important files and then extort you for money.

What happens when the Dragon/VoidCrypt Ransomware is run on an unprotected computer? It will start by wiping out Shadow Volume Copies and System Restore points, which could be used to undo some of the damage it causes. It then proceeds to encrypt documents, archives, databases, media, and dozens of other file formats. The damaged data is marked with a new suffix, which uses the pattern '[ForDecrypte@mailfence.com][<VICTIM ID>].Dragon.'

After all of the above tasks are completed, the 'Decrypt-me.txt' ransom note is dropped. It tells the victim to avoid 3rd-party recovery tools because they could damage the data even more – this is fake, and it is meant to discourage you from trying out alternative data recovery options. You should not agree to pay any money to Dragon/VoidCrypt Ransomware's creators because they are likely to try to scam you. They do promise to unlock one small file for free, and you should make use of this offer – use the emails fordecrypte@mailfence.com and forhelp@cock.li to send it.

So, what do you do if the Dragon/VoidCrypt Ransomware has infected your system? Start by running an anti-malware service to clean the infected files and then restore from a backup or try alternative data recovery options.

May 28, 2021