Blue Shoe Software Blog

Ordinypt Ransomware Targets German Users

Written by Scott Jackson | Nov 1, 2017 5:07:00 PM

A new "ransomware" called Ordinypt targets German users. This ransomware is more like a "wiper" because it actually deletes the files rather than encrypting them.

G Data security researcher Karsten Hahn found that the malware is targeting German users using email and ransom notes written in German. It is being spread via responses to job ads.

According to an analysis from Valthek, once opened, the malware infects a victim’s machine, making files inaccessible, and then requests 0.12 Bitcoin (around 600 EUR) for recovering them. Unbeknownst to the target, the files are actually destroyed, not encrypted, and the attackers have no code for “unlocking” them, even if victims pay up.

Valthek found that the ransomware deletes files, overwriting them with garbage strings of random letters and numbers. However, these files would have been saved to the Ultimate Recycle Bin and could have quickly been recovered using the client software - even if the HoneyPot files and File Screening technologies were ineffective.
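
A triage check based on the overwrite behaviour described above, as an added example that is not from the original post or from the cited analysis: it separates file contents made only of random letters and digits from contents that look encrypted. The function names, thresholds and sample data are assumptions constructed for illustration.

```python
import math
import random
import string
from collections import Counter

ALNUM = set((string.ascii_letters + string.digits).encode())

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the observed byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes, min_len: int = 64) -> str:
    """Label file contents as 'alnum-garbage', 'high-entropy' or 'other'."""
    if len(data) < min_len:
        return "other"  # too short to judge either way
    h = shannon_entropy(data)
    alnum_ratio = sum(b in ALNUM for b in data) / len(data)
    # Random letters and digits: every byte is alphanumeric and entropy is
    # capped at log2(62) ≈ 5.95 bits/byte. The 4.5 floor is an assumed
    # threshold that still admits a 36-symbol (letters + digits) alphabet.
    if alnum_ratio == 1.0 and h > 4.5:
        return "alnum-garbage"
    # Encrypted or compressed data spreads over nearly all 256 byte values.
    if h > 7.5:  # assumed threshold
        return "high-entropy"
    return "other"

def build_samples() -> dict:
    """Constructed sample contents (not taken from any real incident)."""
    rng = random.Random(0)  # seeded so the samples are reproducible
    alphabet = string.ascii_letters + string.digits
    return {
        "wiped": "".join(rng.choices(alphabet, k=4096)).encode(),
        "encrypted": bytes(rng.getrandbits(8) for _ in range(4096)),
        "text": b"Sehr geehrte Damen und Herren, anbei meine Bewerbung.\n" * 80,
    }

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:10s} entropy={shannon_entropy(blob):.2f} -> {classify(blob)}")
```

This is a heuristic: legitimate content that is purely alphanumeric without whitespace would also be labelled `alnum-garbage`, so treat a hit as a reason to check the file against its expected format, not as proof.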