GermanWiper Ransomware

By GoldSparrow in Ransomware

The GermanWiper Ransomware is a new wiper malware that appears to be targeting mainly users located in Germany. This threat is particularly harmful because it masquerades as a data-locking Trojan and attempts to extort its victims with the promise of recovering their data in exchange for a ransom fee. However, these are empty promises: the GermanWiper Ransomware does not encrypt your data. It is a wiper, which permanently destroys the data with no hope of recovery.

Propagation

It appears that the authors of the GermanWiper Ransomware are using spam emails as an infection vector in their campaigns. These fraudulent emails contain a fake CV in the form of a '.LNK' file. If users attempt to open the supposed 'CV,' they trigger the execution of the GermanWiper Ransomware.

Destroys Your Data

Normally, ransomware threats apply an encryption algorithm to lock the files present on the infected host. However, as mentioned already, the GermanWiper Ransomware does not encrypt any data; instead, it overwrites the data with zeros. This technique makes it difficult to recover any of the lost files, even with a top-tier data-recovery tool. The GermanWiper Ransomware applies a different five-character extension for every victim, made up of a combination of numbers and letters (for example '.0NYXW').

The Ransom Note

The extension that is applied to the overwritten files is also used in the name of the ransom note. Using the same example from earlier, the ransom note's name would be '0NYXW_Entschluesselungs_Anleitung.html.' In the note, the attackers demand 0.15 Bitcoin (~$1500 at the time of writing this post). Some ransomware authors offer to unlock a file for free so that the user can see that they have a decryption key that can recover the data. Naturally, this is not the case with the GermanWiper Ransomware, as the data is not locked but wiped instead.

Do not pay the ransom fee, as the authors of the GermanWiper Ransomware cannot do anything to help you recover your data even if they wanted to. Your only option for recovery is to restore your files from a backup, if you had one. Make sure to download and install a reputable anti-malware tool, which will remove the GermanWiper Ransomware from your computer.
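
The indicators described above (a per-victim five-character extension, a ransom note named '<EXT>_Entschluesselungs_Anleitung.html', and file contents overwritten with zeros) can be checked together when triaging a suspected infection. The Python script below is an added example, not code from the original post; the function names, the case-insensitive match and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Note name from the article: '<EXT>_Entschluesselungs_Anleitung.html', where
# <EXT> is the per-victim five-character extension (letters and digits).
# Assumption: case is ignored so the match also works on re-cased copies.
NOTE_RE = re.compile(r"^([A-Z0-9]{5})_Entschluesselungs_Anleitung\.html$", re.I)

def is_zero_filled(path, chunk=1 << 20):
    """True if the file is non-empty and consists only of 0x00 bytes."""
    seen = False
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            seen = True
            if block.count(0) != len(block):
                return False
    return seen

def triage(root):
    """Map each extension named by a ransom note to its notes and renamed files."""
    files = [p for p in Path(root).rglob("*") if p.is_file()]
    report = {}
    for p in files:
        if m := NOTE_RE.match(p.name):
            entry = report.setdefault(
                m.group(1).upper(), {"notes": [], "zeroed": [], "not_zeroed": []})
            entry["notes"].append(p)
    for ext, entry in report.items():
        for p in files:
            if p.suffix.upper() == "." + ext:
                key = "zeroed" if is_zero_filled(p) else "not_zeroed"
                entry[key].append(p)
    return report

def demo():
    """Constructed sample: one note, one zero-filled file, one intact file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "0NYXW_Entschluesselungs_Anleitung.html").write_text("<html></html>")
        (root / "invoice.pdf.0NYXW").write_bytes(b"\x00" * 4096)
        (root / "notes.txt.0NYXW").write_bytes(b"still readable")
        (root / "untouched.docx").write_bytes(b"PK\x03\x04")
        return {ext: {k: sorted(p.name for p in v) for k, v in entry.items()}
                for ext, entry in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

A file listed under "zeroed" has no original content left to recover, which is why a backup is the only route to restoration.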