Blue Shoe Software Blog

Ordinypt Ransomware Targets German Users

Posted by Scott Jackson on Nov 1, 2017 1:07:00 PM

A new "ransomware" called Ordinypt targets German users. This ransomware is more like a "wiper" because it actually deletes the files rather than encrypting them.

G Data security researcher Karsten Hahn found that the malware targets German users, using emails and ransom notes written in German. It is being spread via responses to job ads.

According to an analysis from Valthek, once opened, the malware infects a victim’s machine, making files inaccessible, and then requests 0.12 Bitcoin (around 600 EUR) for recovering them. Unbeknownst to the target, the files are actually destroyed, not encrypted, and the attackers have no code for “unlocking” them, even if victims pay up.

Valthek found that the ransomware deletes files, overwriting them with garbage strings of random letters and numbers. However, these files would have been saved to the Ultimate Recycle Bin and could have been recovered quickly using the client software, even if the HoneyPot files and File Screening technologies were ineffective.
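The difference between a file overwritten with random letters and numbers and a genuinely encrypted file can be measured, as this added triage sketch shows (it is not code from G Data, Valthek or Blue Shoe Software). Random alphanumerics draw on only 62 symbols, so their entropy stays near 5.95 bits per byte, while ciphertext approaches 8. The thresholds, sample size and function names are assumptions, and the sample data is constructed.

```python
import math
import os
import random
import string
from collections import Counter

ALNUM = frozenset((string.ascii_letters + string.digits).encode())
SAMPLE = 4096  # bytes read from the start of each file (assumed)
MIN_LEN = 512  # below this the entropy estimate is too noisy (assumed)

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(data: bytes) -> str:
    """Label a sample 'alnum-garbage', 'high-entropy' or 'other'."""
    if len(data) < MIN_LEN:
        return "other"
    h = shannon_entropy(data)
    # Random letters and digits use 62 symbols: at most log2(62) ~ 5.95 bits/byte.
    # The assumed 5.5 floor excludes hex dumps (<= 4 bits) and repetitive text.
    if h > 5.5 and all(b in ALNUM for b in data):
        return "alnum-garbage"
    # Ciphertext and compressed data approach 8 bits/byte; 7.5 is an assumed cut-off.
    return "high-entropy" if h > 7.5 else "other"

def scan(root: str) -> dict:
    """Label every file under root from its first SAMPLE bytes."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    results[path] = classify(fh.read(SAMPLE))
            except OSError:
                results[path] = "unreadable"
    return results

def constructed_samples() -> dict:
    """Constructed test data (seeded RNG), not taken from real malware output."""
    rng = random.Random(0)
    return {
        "wiped": "".join(rng.choices(string.ascii_letters + string.digits, k=SAMPLE)).encode(),
        "encrypted": bytes(rng.getrandbits(8) for _ in range(SAMPLE)),
        "document": b"Sehr geehrte Damen und Herren, anbei meine Bewerbung. " * 40,
    }
```

Files labelled `alnum-garbage` contain no ciphertext to decrypt, so recovery depends on backups or retained copies. The label is a heuristic and should be checked against what the file held before.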


Topics: Ransomware, Ordinypt
