By Tara Seals
14 NOV 2017
A new malware called Ordinypt that targets German users is making the rounds, billing itself as ransomware. However, the code is really a wiper, with apparent twin motives of financial gain and disruption of business operations.
G Data security researcher Karsten Hahn found that the malware, which also goes by the name HSDFSDCrypt, is targeting German users for the moment, using emails and ransom notes that are written in flawless Deutsch. It’s being spread via responses to job ads—the emails purport to have a ZIP file with a resume and CV attached.
According to an analysis from Valthek, once opened, the malware infects a victim’s machine, making files inaccessible, and then requests 0.12 Bitcoin (around 600 EUR) for recovering them. Unbeknownst to the target, the files are actually destroyed, not encrypted, and the attackers have no code for “unlocking” them, even if victims pay up.
Interestingly, Valthek found that the malware deletes files, overwriting them with garbage strings of random letters and numbers.
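The overwrite pattern described above gives responders a quick triage signal: content made up only of random letters and digits behaves differently from encrypted data, which spans the full byte range. The following is an added example, not code from the article or from the cited analyses; the function names, entropy thresholds and sample inputs are assumptions constructed for illustration.

```python
import math
import random
import string
from collections import Counter

ALNUM = (string.ascii_letters + string.digits).encode()
ALNUM_SET = set(ALNUM)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the observed byte distribution."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(data: bytes, min_len: int = 1024) -> str:
    """Triage label for one file's contents (thresholds are assumptions).

    alnum-garbage: only letters and digits, near-uniform; consistent with the
                   overwrite behaviour the article describes
    high-entropy : full byte range near 8 bits/byte; encrypted or compressed
    other        : plain text, structured formats, or too short to judge
    """
    if len(data) < min_len:
        return "other"
    h = shannon_entropy(data)
    if all(b in ALNUM_SET for b in data):
        # Uniform choice over 62 symbols tops out at log2(62), about 5.95 bits/byte.
        # A hex dump is also alphanumeric but stays at or below 4 bits/byte.
        return "alnum-garbage" if h > 5.5 else "other"
    return "high-entropy" if h > 7.5 else "other"

def constructed_samples(size: int = 4096) -> dict:
    """Constructed inputs (seeded PRNG); none of this is real malware output."""
    rng = random.Random(2017)
    return {
        "alnum": bytes(rng.choices(ALNUM, k=size)),
        "cipherlike": bytes(rng.getrandbits(8) for _ in range(size)),
        "hexdump": bytes(rng.choices(b"0123456789abcdef", k=size)),
        "text": ("Dear hiring manager, please find my application attached. " * 80).encode(),
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:10s} H={shannon_entropy(blob):.2f} -> {classify(blob)}")
```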