Winner Ransomware is Another VoidCrypt Variant


Winner is a malicious ransomware program that belongs to the VoidCrypt family. When it is executed, it encrypts files and changes their filenames by adding a unique ID, the criminals' email address, and a ".Winner" extension. For example, a file named "1.jpg" would become "1.jpg. (".

After encryption, this ransomware drops a ransom note – "Read.txt" – onto the desktop which tells the victim that their precious files and data have been encrypted and that their databases were exfiltrated as well. If the hackers behind the ransomware are not contacted within 48 hours, then the encrypted files will be inaccessible and the stolen content will be leaked and sold on the Web.

The purpose of Winner ransomware is to extort money from victims by encrypting their data and demanding payment for decryption. It does this by changing filenames to include a unique ID, an email address associated with the criminals, and a ".Winner" extension. The ransom note left behind on the desktop warns victims that if they do not contact the criminals within 48 hours, their files will remain inaccessible and any stolen databases will be sold online.

The Winner ransomware note in full

The complete text of the ransom note generated by the Winner ransomware reads as follows:

All Your Files Are Encrypted.
If You Want To Recover Them, Write To Us Via Email:

If You Do Not Receive An Answer Within 24 Hours:

Write This ID In The Subject Of Your Message

Email the (( RSAKEY )) File Stored In C:/ProgramData Or Other Drives

If we don't hear from you within 48 hours,it means you don't want the key and you won't hear back after that

We have a copy of your database, if you don't want us to sell it under GDPR email us within 48 hours:
We can also auction and sell on the sites

Do not rename encrypted files.
Do not try to decrypt your data using third-party software and sites. May cause permanent data loss.
Decrypting your files with the help of third parties may increase the prices (they add their cost to us), or you may become a victim of a scam from their side.

Security is not Permanent

Your time has Started Tick Tock Tick Tock….
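The indicators described above (the ".Winner" extension appended to renamed files, and a "Read.txt" note carrying the wording quoted here) are enough to scope which directories were hit. The Python triage scan below is an added example, not part of the original article; its function names are hypothetical, and the sample filenames use placeholder ID and email segments because the exact rename format is not shown in full on this page.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".winner"   # extension named in the article, compared case-insensitively
NOTE_NAME = "read.txt"         # ransom note filename named in the article
# Wording taken from the ransom note quoted in the article
NOTE_MARKERS = ("all your files are encrypted", "(( rsakey ))")

def is_winner_note(path):
    """True if the file contains wording from the quoted ransom note."""
    try:
        text = path.read_text(encoding="utf-8", errors="ignore").lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root; return renamed files, ransom notes, per-directory counts, mtime window."""
    report = {"encrypted": [], "notes": [], "by_dir": {}, "window": None}
    mtimes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
                mtimes.append(path.stat().st_mtime)
            elif name.lower() == NOTE_NAME and is_winner_note(path):
                report["notes"].append(path)
    if mtimes:  # earliest change helps pick a backup that predates the encryption
        report["window"] = (min(mtimes), max(mtimes))
    return report

def build_sample_tree(root):
    """Constructed sample data; the ID and email parts are placeholders, not real indicators."""
    docs, desktop = Path(root, "docs"), Path(root, "Desktop")
    docs.mkdir()
    desktop.mkdir()
    (docs / "1.jpg.PLACEHOLDER-ID.PLACEHOLDER-EMAIL.Winner").write_bytes(b"\x00" * 16)
    (docs / "db.bak.PLACEHOLDER-ID.PLACEHOLDER-EMAIL.WINNER").write_bytes(b"\x00" * 16)
    (docs / "untouched.docx").write_bytes(b"ok")
    (docs / "Read.txt").write_text("Please read the install notes.")  # benign namesake
    (desktop / "Read.txt").write_text("All Your Files Are Encrypted.\nEmail the (( RSAKEY )) File")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "renamed files;", len(result["notes"]), "ransom note(s)")
```

The earliest modification time in the reported window is only a rough lower bound for choosing a backup that predates the encryption, since timestamps can be altered.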

Can you restore files encrypted by the Winner ransomware?

Unfortunately, restoring files encrypted by the Winner ransomware is not possible without paying the ransom. The encryption used by this malware is strong and cannot be reversed without the decryption key which is only available to the criminals. Even if a victim were to contact the criminals, there is no guarantee that they would receive their files back as cyber criminals are known to take payment and not provide any service in return. Therefore, it is important for users to back up their data regularly and ensure that they have anti-virus software installed on their systems in order to protect against ransomware attacks.

What can you do to protect your data from ransomware attacks similar to the Winner ransomware?

To protect your data from ransomware attacks similar to the Winner ransomware, it is important to take proactive steps to ensure that your system is secure. First, it is essential to back up all of your data regularly and store it on a separate device or in the cloud. This way, if you do become a victim of ransomware, you will still have access to your files.

Additionally, it is important to keep all software and operating systems up-to-date with the latest security patches as this can help prevent malicious programs from exploiting any vulnerabilities. Finally, having anti-virus software installed on your system can help detect and block malicious programs before they can cause any damage. By taking these steps, you can help protect yourself against ransomware attacks like Winner.

January 24, 2023