Back to Blog

GermanWiper ransomware hits Germany hard, destroys files, asks for ransom

August 2, 2019

By: mirabiliscorp

Users advised not to pay the ransom under any circumstances!

For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn’t encrypt files but instead it rewrites their content with zeroes, permanently destroying users’ data.

As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them recover their files.

Unless users had created offline backups of their data, their files are most likely gone for good.

For now, the only good news is that this ransomware appears to be limited to spreading in German-speaking countries only, and with a focus on Germany primarily.

Pretty big distribution campaign

First signs of GermanWiper were reported earlier this week when victims started asking for help on the Bleeping Computer forums, a popular place where internet users congregate to get advice in dealing with ransomware infections.

The first report came on Tuesday, July 30, and they kept piling on through the following days.

Michael Gillespie, the creator of ID-Ransomware, a website where ransomware victims can upload samples and identify the type of ransomware that has infected their systems, told ZDNet that currently GermanWiper is one of the top five most active ransomware strains on his platform.


Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

Follow us


Contact Us
First Name*
Last Name*
Mobile Number*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
I agree to the Privacy Policy and Terms of Service.