Users advised not to pay the ransom under any circumstances!
For the past week, a new ransomware strain has been wreaking havoc across Germany. Named GermanWiper, this ransomware doesn’t encrypt files but instead it rewrites their content with zeroes, permanently destroying users’ data.
As a result, any users who get infected by this ransomware should be aware that paying the ransom demand will not help them recover their files.
Unless users had created offline backups of their data, their files are most likely gone for good.
For now, the only good news is that this ransomware appears to be limited to spreading in German-speaking countries only, and with a focus on Germany primarily.
Pretty big distribution campaign
First signs of GermanWiper were reported earlier this week when victims started asking for help on the Bleeping Computer forums, a popular place where internet users congregate to get advice in dealing with ransomware infections.
The first report came on Tuesday, July 30, and they kept piling on through the following days.
Michael Gillespie, the creator of ID-Ransomware, a website where ransomware victims can upload samples and identify the type of ransomware that has infected their systems, told ZDNet that currently GermanWiper is one of the top five most active ransomware strains on his platform.