GermanWiper Ransomware Description
The GermanWiper Ransomware is a new wiper malware that appears to be targeting users located in German mainly. This threat is harmful, particularly because it is masked as a data-locking Trojan and will attempt to extort its victims with the promise of recovering their data in exchange for a ransom fee. However, these are empty promises because the GermanWiper Ransomware is not a Trojan that will encrypt your data, but it is a wiper malware, which will destroy it with no hope of recovery permanently.
It appears that the authors of the GermanWiper Ransomware are using spam emails as an infection vector in their campaigns. These fraudulent emails would contain a fake CV in the shape of a '. LNK' file. If the users attempt to open the supposed 'CV,' they will trigger the execution of the GermanWiper Ransomware.
Destroys Your Data
Normally, ransomware threats would apply an encryption algorithm to lock the files present on the infected host. However, as we mentioned already, the GermanWiper Ransomware does not encrypt any data; instead, it overwrites it with zeros. This technique makes it difficult to recover any of the lost files, particularly even using a top-tier data-recovery tool. The GermanWiper Ransomware applies a different five-letter extension for every victim using a combination of numbers and letters (for example '.0NYXW').
The Ransom Note
The extension that is applied to the overwritten files also is used in the name of the ransom note. By mentioning the same example from earlier, the ransom note's name would be '0NYXW_Entschluesselungs_Anleitung.html.' In the note, the attackers demand 0.15 Bitcoin (~$1500 at the time of typing this post). Some ransomware authors offer to unlock a file for free so that the user would see that they have a decryption key, which can recover their data. Naturally, this is not the case with the GermanWiper Ransomware as the data is not locked but wiped instead.
Do not pay the ransom fee as the authors of the GermanWiper Ransomware cannot do anything to help you recover your data even if they wanted to. Your only option for recovery is if you had your files backed up. Make sure to download and install a reputable anti-malware tool, which will remove the GermanWiper Ransomware from your computer.
Do You Suspect Your PC May Be Infected with GermanWiper Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like GermanWiper Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.