GermanWiper Ransomware

GermanWiper Ransomware Description

The GermanWiper Ransomware is a new wiper malware that appears to be targeting users located in German mainly. This threat is harmful, particularly because it is masked as a data-locking Trojan and will attempt to extort its victims with the promise of recovering their data in exchange for a ransom fee. However, these are empty promises because the GermanWiper Ransomware is not a Trojan that will encrypt your data, but it is a wiper malware, which will destroy it with no hope of recovery permanently.


It appears that the authors of the GermanWiper Ransomware are using spam emails as an infection vector in their campaigns. These fraudulent emails would contain a fake CV in the shape of a '. LNK' file. If the users attempt to open the supposed 'CV,' they will trigger the execution of the GermanWiper Ransomware.

Destroys Your Data

Normally, ransomware threats would apply an encryption algorithm to lock the files present on the infected host. However, as we mentioned already, the GermanWiper Ransomware does not encrypt any data; instead, it overwrites it with zeros. This technique makes it difficult to recover any of the lost files, particularly even using a top-tier data-recovery tool. The GermanWiper Ransomware applies a different five-letter extension for every victim using a combination of numbers and letters (for example '.0NYXW').

The Ransom Note

The extension that is applied to the overwritten files also is used in the name of the ransom note. By mentioning the same example from earlier, the ransom note's name would be '0NYXW_Entschluesselungs_Anleitung.html.' In the note, the attackers demand 0.15 Bitcoin (~$1500 at the time of typing this post). Some ransomware authors offer to unlock a file for free so that the user would see that they have a decryption key, which can recover their data. Naturally, this is not the case with the GermanWiper Ransomware as the data is not locked but wiped instead.

Do not pay the ransom fee as the authors of the GermanWiper Ransomware cannot do anything to help you recover your data even if they wanted to. Your only option for recovery is if you had your files backed up. Make sure to download and install a reputable anti-malware tool, which will remove the GermanWiper Ransomware from your computer.

Do You Suspect Your PC May Be Infected with GermanWiper Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like GermanWiper Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.