
'This is Hitler' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 9,203
Threat Level: 80 % (High)
Infected Computers: 261
First Seen: January 31, 2017
Last Seen: September 14, 2023
OS(es) Affected: Windows

The 'This is Hitler' Ransomware is a ransomware Trojan that is being used to attack computer users around the world. It is the final version of a ransomware Trojan that was released earlier in 2016, a relationship that is obvious and is also stated directly in the 'This is Hitler' Ransomware's ransom note. However, although the two threats are related, malware analysts suspect that the people responsible for the 'This is Hitler' Ransomware are not the same people who created the original Hitler Ransomware. Like its predecessor, the 'This is Hitler' Ransomware fails to encrypt the victim's files. However, while the earlier version of this threat deleted the victim's files with intent to do harm, the 'This is Hitler' Ransomware is simply poorly implemented. Furthermore, its ransom note is very poorly written, is full of mistakes, and points to authors who do not speak German. It is likely that the 'This is Hitler' Ransomware was created by amateurs piggybacking on existing work by more experienced programmers. Despite its poor implementation, the delivery mechanism for the 'This is Hitler' Ransomware is quite effective and has been associated with other, more threatening Trojans, such as those in the Locky family of ransomware Trojans.

The Tricks Used by the 'This is Hitler' Ransomware

The 'This is Hitler' Ransomware is being delivered to victims using phishing email messages. These corrupted email messages contain a file that uses a triple extension to mislead computer users about its true contents. The file, disguised as a bill from a legitimate source, is named 'YOUR-BILL.pdf.exe.bin' and downloads and installs the 'This is Hitler' Ransomware on the victim's computer. The 'This is Hitler' Ransomware is designed to target German speakers and is associated with phishing emails that appear to come from German businesses and services such as couriers, banks or utility services. When the victim opens the corrupted file attachment, it extracts the 'This is Hitler' Ransomware's executable file from the Windows Temp directory and runs it. As soon as this happens, the 'This is Hitler' Ransomware creates a list of the victim's files that will be encrypted. At this point, other ransomware Trojans would use a strong encryption algorithm to encrypt these files, and the previous version of the 'This is Hitler' Ransomware would simply delete them, but the 'This is Hitler' Ransomware does nothing to the files. It does, however, display a ransom message on the victim's computer. The 'This is Hitler' Ransomware displays the following ransom note, translated into English below:

'This is Hitler Ransomware - You've been infected by FINAL version of Hitler Ransomware!
Your important file was encrypted by Hitler Ransomware
To decrypt your file, please contact me by e-mail:
3r4wm0sn4r3lt1h@mail.com
If you have paid and get the code for decrypting your file please enter your code here:
[TEXT BOX]
I have paid and entered the valid code'

Concerns about the 'This is Hitler' Ransomware

The delivery method used to send the 'This is Hitler' Ransomware to its victims is well implemented. Because of this, it is not unlikely that these people will continue to update the 'This is Hitler' Ransomware and may release a version that works properly in the future. The 'This is Hitler' Ransomware is already an update of a previous ransomware Trojan that also did not function correctly, displaying a lock screen and deleting the victim's files instead. PC security researchers advise computer users to take measures to protect their files from threats like the 'This is Hitler' Ransomware. By keeping backup copies of all files on a removable memory device or in the cloud, you can counteract such infections. With a reliable security program that is fully up to date and capable of detecting and removing threats like the 'This is Hitler' Ransomware, you can protect your data and prevent attacks. Backup copies are especially necessary because they can help restore files that are corrupted by these attacks.
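
Because the delivery relies on a triple-extension attachment such as 'YOUR-BILL.pdf.exe.bin', a mail filter can flag names where an executable extension is layered between a document-style extension and a harmless-looking final one. The following is an added example, not part of the original article or any vendor's tooling; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists (not from the article); tune them per environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "pif", "bat", "cmd", "js", "vbs", "msi"}

def extension_chain(filename):
    """Return every extension in the name, lowercased, left to right."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return [p.strip().lower() for p in base.split(".")[1:] if p.strip()]

def layered_extension_reasons(filename):
    """List the reasons a name looks like a disguised executable."""
    chain = extension_chain(filename)
    exec_at = [i for i, ext in enumerate(chain) if ext in EXEC_EXTS]
    decoy_at = [i for i, ext in enumerate(chain) if ext in DECOY_EXTS]
    reasons = []
    if exec_at and decoy_at and decoy_at[0] < exec_at[-1]:
        reasons.append("decoy extension precedes executable extension")
    if exec_at and exec_at[-1] < len(chain) - 1:
        reasons.append("executable extension hidden behind a trailing extension")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():  # walk() also reaches nested multipart containers
        name = part.get_filename()
        if name:
            reasons = layered_extension_reasons(name)
            if reasons:
                findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message; the attachment bytes are inert placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Ihre Rechnung"
    msg.set_content("Constructed sample body.")
    for name in ("YOUR-BILL.pdf.exe.bin", "report.v2.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

The check looks only at layered names, so a plain 'setup.exe' attachment is left to whatever executable-blocking policy is already in place.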
