DRCRM Ransomware is a New VoidCrypt Version

A new version of the VoidCrypt ransomware is being distributed in the wild under the name DRCRM ransomware.

DRCRM does nothing too spectacular or unexpected. It encrypts most files found on the victim system and generates a ransom note.

File types encrypted by DRCRM include media files, documents, archives and databases. Once encrypted, files receive a long new extension composed of the victim ID, the email address used by the hackers behind DRCRM in the form of "(joaplcsg@gmil.com)" and the ".DRCRM" string.

The ransom demands are written to a plain text file named "Read.txt", which is dropped on the desktop. The full note reads as follows:

All your files have been encrypted. If you want to restore them, write us to the e-mail:joaplcsg at gmail dot com
inCase of no answer :joaplcsg at gmail dot com

Write this ID in the title of your message ID-

send RSAKEY file stored in C:/ProgramData or other drives in email

Do not rename encrypted files.
Do not try to decrypt your data using third-party software and sites. It may cause permanent data loss.
The decryption of your files with the help of third parties may cause increased prices (they add their fee to our), or you can become a victim of a scam.
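The indicators described above (the ".DRCRM" suffix, the parenthesised contact email, the "Read.txt" note and the RSAKEY file) can be checked against a file listing during triage. The script below is an added example, not part of the original article or of any vendor tool; the sample paths are constructed, and the delimiter between the original file name and the victim ID is an assumption because the article does not state it.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

SUFFIX = ".drcrm"  # final extension string named in the article (matched case-insensitively)
EMAIL_RE = re.compile(r"\(([^()\s]+@[^()\s]+)\)")  # "(user@host)" form from the article

def parse_encrypted_name(path):
    """Return {'path', 'email', 'prefix'} for a file ending in .DRCRM, else None."""
    name = PureWindowsPath(path).name
    if not name.lower().endswith(SUFFIX):
        return None
    stem = name[: -len(SUFFIX)]
    matches = list(EMAIL_RE.finditer(stem))
    if not matches:
        return {"path": path, "email": None, "prefix": stem}
    last = matches[-1]  # the appended email is the last parenthesised address
    # Assumption: the text before the email is the original name plus victim ID.
    # The article gives no delimiter, so the prefix is not split any further.
    return {"path": path, "email": last.group(1), "prefix": stem[: last.start()]}

def triage(paths):
    """Summarise DRCRM indicators found in an iterable of Windows file paths."""
    report = {"encrypted": [], "emails": Counter(), "notes": [], "key_files": []}
    for p in paths:
        name = PureWindowsPath(p).name.lower()
        hit = parse_encrypted_name(p)
        if hit:
            report["encrypted"].append(hit)
            if hit["email"]:
                report["emails"][hit["email"]] += 1
        elif name == "read.txt":        # generic name: corroborating evidence only
            report["notes"].append(p)
        elif name.startswith("rsakey"):  # key file the note asks victims to send
            report["key_files"].append(p)
    return report

# Constructed sample listing (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.EXAMPLEID01(joaplcsg@gmil.com).DRCRM",
    r"C:\Users\alice\Pictures\trip (2).jpg.EXAMPLEID01(joaplcsg@gmil.com).drcrm",
    r"C:\Users\alice\Documents\old.DRCRM",
    r"C:\Users\alice\Desktop\Read.txt",
    r"C:\ProgramData\RSAKEY",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    r = triage(SAMPLE_PATHS)
    print(len(r["encrypted"]), dict(r["emails"]), r["notes"], r["key_files"])
```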

November 22, 2022